Cisco ASA Clientless VPN Information Disclosure and DoS Vulnerability (cisco-sa-20141008-asa) (CVE-2014-3392)

A vulnerability in the Clientless SSL VPN portal feature could allow an unauthenticated, remote attacker to access random memory locations. Due to this vulnerability, the attacker may be able to access the information stored in memory and in some cases may be able to corrupt this portion of memory, which could lead to a reload of the affected system.

客户端无SSL VPN门户功能中存在的一个漏洞可能使未经身份验证的远程攻击者访问随机的内存位置。由于此漏洞，攻击者可能能够访问存储在内存中的信息，在某些情况下甚至可能篡改该内存部分，从而导致受影响系统的重新加载。