ID
VAR-201405-0360
CVE
CVE-2014-3265
TITLE
Cisco Security Manager of Auto Update Server of Web Cross-site scripting vulnerability in the framework
Trust: 0.8
DESCRIPTION
Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900. Cisco Security Device Manager, Cisco Security Device Management Tool, referred to as SDM. It is a graphical router management tool provided by Cisco. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuo06900. Security Manager 4.2 and prior are vulnerable. The vulnerability is caused by the program's insufficient validation parameters
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | security manager | scope: | eq | version: | 4.2 | Trust: 1.6 |
| vendor: | cisco | model: | security manager | scope: | lte | version: | 4.2 | Trust: 0.8 |
| vendor: | cisco | model: | security manager | scope: | lte | version: | <=4.2 | Trust: 0.6 |
| vendor: | cisco | model: | security manager base | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | cisco | model: | security manager base | scope: | eq | version: | 4.1 | Trust: 0.3 |
| vendor: | cisco | model: | security manager base | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | cisco | model: | security manager sp2 | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | security manager sp1 | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | security manager | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | security manager sp1 | scope: | eq | version: | 4.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Cisco Security Manager AUS Cross-Site Scripting Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3265 | Trust: 0.8 |
| title: | 34274 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=34274 | Trust: 0.8 |
| title: | Cisco Security Manage automatically upgrades patches for server cross-site scripting vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/45840 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-3265 | Trust: 3.4 |
| db: | SECTRACK | id: | 1030260 | Trust: 1.1 |
| db: | BID | id: | 67499 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2014-002551 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201405-385 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2014-03192 | Trust: 0.6 |
| db: | CISCO | id: | 20140519 CISCO SECURITY MANAGER AUS CROSS-SITE SCRIPTING VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-71205 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3265 | Trust: 2.6 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=34274 | Trust: 2.0 |
| url: | http://www.securitytracker.com/id/1030260 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3265 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3265 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2014-03192 |
| db: | VULHUB | id: | VHN-71205 |
| db: | BID | id: | 67499 |
| db: | JVNDB | id: | JVNDB-2014-002551 |
| db: | CNNVD | id: | CNNVD-201405-385 |
| db: | NVD | id: | CVE-2014-3265 |
LAST UPDATE DATE
2025-04-13T23:23:54.329000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-03192 | date: | 2014-05-23T00:00:00 |
| db: | VULHUB | id: | VHN-71205 | date: | 2016-09-07T00:00:00 |
| db: | BID | id: | 67499 | date: | 2014-05-19T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-002551 | date: | 2014-05-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-201405-385 | date: | 2014-05-23T00:00:00 |
| db: | NVD | id: | CVE-2014-3265 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-03192 | date: | 2014-05-23T00:00:00 |
| db: | VULHUB | id: | VHN-71205 | date: | 2014-05-20T00:00:00 |
| db: | BID | id: | 67499 | date: | 2014-05-19T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-002551 | date: | 2014-05-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-201405-385 | date: | 2014-05-23T00:00:00 |
| db: | NVD | id: | CVE-2014-3265 | date: | 2014-05-20T11:13:38.013 |