Sign-up

ID

VAR-201401-0337


CVE

CVE-2014-0673


TITLE

Cisco Video Surveillance 5000 HD IP Dome Camera Web Interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001254

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950. Vendors have confirmed this vulnerability Bug ID CSCud10943 and CSCud10950 It is released as.Skillfully crafted by a third party URL Through any Web Script or HTML May be inserted. Allows an attacker to build a malicious URI, entice a user to resolve, and obtain sensitive information or hijack a user session when malicious data is viewed. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID's CSCud10943 and CSCud10950

Trust: 2.52

sources: NVD: CVE-2014-0673 // JVNDB: JVNDB-2014-001254 // CNVD: CNVD-2014-00680 // BID: 65145 // VULHUB: VHN-68166

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00680

AFFECTED PRODUCTS

vendor:ciscomodel:video surveillance indoor fixed dome ip hd camerascope:eqversion:5011

Trust: 1.6

vendor:ciscomodel:video surveillance indoor fixed dome ip hd camerascope:eqversion:5010

Trust: 1.6

vendor:ciscomodel:video surveillance 5000 series hd ip dome camerascope:eqversion:firmware 1.6 (.17)

Trust: 0.8

vendor:ciscomodel:video surveillance series hd ip dome camerascope:eqversion:5000

Trust: 0.6

vendor:ciscomodel:video surveillance series hd ip dome camerascope:eqversion:50000

Trust: 0.3

sources: CNVD: CNVD-2014-00680 // BID: 65145 // JVNDB: JVNDB-2014-001254 // CNNVD: CNNVD-201401-521 // NVD: CVE-2014-0673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0673
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0673
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00680
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-521
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68166
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0673
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00680
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-68166
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00680 // VULHUB: VHN-68166 // JVNDB: JVNDB-2014-001254 // CNNVD: CNNVD-201401-521 // NVD: CVE-2014-0673

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-68166 // JVNDB: JVNDB-2014-001254 // NVD: CVE-2014-0673

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-521

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201401-521

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001254

PATCH
title:Cisco Video Surveillance 5000 Series HD IP Dome Camera Multiple Cross-Site Scripting Vulnerabilitiesurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0673
Trust: 0.8
title:32568url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32568
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001254

EXTERNAL IDS
db:NVDid:CVE-2014-0673
Trust: 3.4
db:BIDid:65145
Trust: 2.0
db:SECTRACKid:1029689
Trust: 1.1
db:OSVDBid:102557
Trust: 1.1
db:SECUNIAid:56552
Trust: 1.1
db:JVNDBid:JVNDB-2014-001254
Trust: 0.8
db:CNNVDid:CNNVD-201401-521
Trust: 0.7
db:CNVDid:CNVD-2014-00680
Trust: 0.6
db:CISCOid:20140124 CISCO VIDEO SURVEILLANCE 5000 SERIES HD IP DOME CAMERA MULTIPLE CROSS-SITE SCRIPTING VULNERABILITIES
Trust: 0.6
db:VULHUBid:VHN-68166
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-00680 // 
            
            
            
            VULHUB: VHN-68166 // 
            
            
            
            BID: 65145 // 
            
            
            
            JVNDB: JVNDB-2014-001254 // 
            
            
            
            CNNVD: CNNVD-201401-521 // 
            
            
            
            NVD: CVE-2014-0673

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0673
Trust: 2.3
url:http://www.securityfocus.com/bid/65145
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32568
Trust: 1.1
url:http://osvdb.org/102557
Trust: 1.1
url:http://www.securitytracker.com/id/1029689
Trust: 1.1
url:http://secunia.com/advisories/56552
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90733
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0673
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0673
Trust: 0.8
url:https://tools.cisco.com/bugsearch/bug/cscud10943
Trust: 0.6
url:https://tools.cisco.com/bugsearch/bug/cscud10950
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-00680 // 
            
            
            
            VULHUB: VHN-68166 // 
            
            
            
            BID: 65145 // 
            
            
            
            JVNDB: JVNDB-2014-001254 // 
            
            
            
            CNNVD: CNNVD-201401-521 // 
            
            
            
            NVD: CVE-2014-0673

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 65145

SOURCES
db:CNVDid:CNVD-2014-00680
db:VULHUBid:VHN-68166
db:BIDid:65145
db:JVNDBid:JVNDB-2014-001254
db:CNNVDid:CNNVD-201401-521
db:NVDid:CVE-2014-0673

LAST UPDATE DATE
2025-04-11T22:53:07.667000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00680date:2014-02-10T00:00:00
db:VULHUBid:VHN-68166date:2017-08-29T00:00:00
db:BIDid:65145date:2014-01-24T00:00:00
db:JVNDBid:JVNDB-2014-001254date:2014-01-28T00:00:00
db:CNNVDid:CNNVD-201401-521date:2014-01-28T00:00:00
db:NVDid:CVE-2014-0673date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-00680date:2014-01-28T00:00:00
db:VULHUBid:VHN-68166date:2014-01-25T00:00:00
db:BIDid:65145date:2014-01-24T00:00:00
db:JVNDBid:JVNDB-2014-001254date:2014-01-28T00:00:00
db:CNNVDid:CNNVD-201401-521date:2014-01-28T00:00:00
db:NVDid:CVE-2014-0673date:2014-01-25T22:55:03.300