Headline
CVE-2014-3399: Announcement Regarding Non-Cisco Product Security Alerts
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208.
On 2019 September 15, Cisco stopped publishing non-Cisco product alerts � alerts with vulnerability information about third-party software (TPS). Cisco will continue to publish Security Advisories to address both Cisco proprietary and TPS vulnerabilities per the Cisco Security Vulnerability Policy. Cisco uses Release Note Enclosures to disclose the majority of TPS vulnerabilities; exceptions to this method are outlined in the Third-Party Software Vulnerabilities section of the Cisco Security Vulnerability Policy. The following links provide additional information.