Details of VAR-201405-0361

ID

VAR-201405-0361

CVE

CVE-2014-3266

TITLE

Cisco Security Manager of Web Cross-site scripting vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-002645

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCun65189

Trust: 1.98

sources: NVD: CVE-2014-3266 // JVNDB: JVNDB-2014-002645 // BID: 67569 // VULHUB: VHN-71206

AFFECTED PRODUCTS

vendor:	cisco	model:	security manager	scope:	lte	version:	4.6	Trust: 1.8
vendor:	cisco	model:	security manager	scope:	eq	version:	4.0	Trust: 1.6
vendor:	cisco	model:	security manager	scope:	eq	version:	4.0.1	Trust: 1.6
vendor:	cisco	model:	security manager	scope:	eq	version:	4.2	Trust: 1.6
vendor:	cisco	model:	security manager	scope:	eq	version:	4.1	Trust: 1.6
vendor:	cisco	model:	security manager	scope:	eq	version:	4.5	Trust: 1.0
vendor:	cisco	model:	security manager	scope:	eq	version:	4.4	Trust: 1.0
vendor:	cisco	model:	security manager	scope:	eq	version:	4.3	Trust: 1.0

sources: JVNDB: JVNDB-2014-002645 // CNNVD: CNNVD-201405-471 // NVD: CVE-2014-3266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3266
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3266
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-471
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71206
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3266
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71206
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71206 // JVNDB: JVNDB-2014-002645 // CNNVD: CNNVD-201405-471 // NVD: CVE-2014-3266

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-71206 // JVNDB: JVNDB-2014-002645 // NVD: CVE-2014-3266

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-471

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201405-471

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002645

PATCH

title:	Cisco Security Manager Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3266	Trust: 0.8
title:	34340	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34340	Trust: 0.8

sources: JVNDB: JVNDB-2014-002645

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3266	Trust: 2.8
db:	BID	id:	67569	Trust: 1.4
db:	SECUNIA	id:	58923	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-002645	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-471	Trust: 0.7
db:	CISCO	id:	20140522 CISCO SECURITY MANAGER CROSS-SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71206	Trust: 0.1

sources: VULHUB: VHN-71206 // BID: 67569 // JVNDB: JVNDB-2014-002645 // CNNVD: CNNVD-201405-471 // NVD: CVE-2014-3266

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3266	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34340	Trust: 1.7
url:	http://www.securityfocus.com/bid/67569	Trust: 1.1
url:	http://secunia.com/advisories/58923	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3266	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3266	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71206 // BID: 67569 // JVNDB: JVNDB-2014-002645 // CNNVD: CNNVD-201405-471 // NVD: CVE-2014-3266

CREDITS

Cisco

Trust: 0.3

sources: BID: 67569

SOURCES

db:	VULHUB	id:	VHN-71206
db:	BID	id:	67569
db:	JVNDB	id:	JVNDB-2014-002645
db:	CNNVD	id:	CNNVD-201405-471
db:	NVD	id:	CVE-2014-3266

LAST UPDATE DATE

2025-04-13T23:27:41.900000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71206	date:	2015-09-16T00:00:00
db:	BID	id:	67569	date:	2014-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-002645	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-471	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-3266	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71206	date:	2014-05-26T00:00:00
db:	BID	id:	67569	date:	2014-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-002645	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-471	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-3266	date:	2014-05-26T00:25:31.300