ID

VAR-201405-0467


CVE

CVE-2014-2190


TITLE

Cross-site request forgery vulnerability in the web framework of Cisco Broadcast Access Center for Telco and Wireless

Trust: 0.8

sources: JVNDB: JVNDB-2014-002409

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuo23804 and CSCuo26389. A third party may hijack the authentication of arbitrary users and make changes to BAC-TW. Cisco Broadband Access Center (BAC) is a decentralized, strippable, signer device hypervisor that implements automated user traffic management through the provision of user services. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCuo23804 and CSCuo26389. A remote attacker could exploit this vulnerability to modify BAC-TW

Trust: 2.52

sources: NVD: CVE-2014-2190 // JVNDB: JVNDB-2014-002409 // CNVD: CNVD-2014-02910 // BID: 67225 // VULHUB: VHN-70129

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02910

AFFECTED PRODUCTS

vendor: cisco, model: broadband access center telco wireless software, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: broadband access center telco wireless software, scope: lte, version: 3.8(.0.1)

Trust: 0.8

vendor: cisco, model: broadband access center telco wireless, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2014-02910 // JVNDB: JVNDB-2014-002409 // CNNVD: CNNVD-201405-097 // NVD: CVE-2014-2190

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2190
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2190
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02910
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201405-097
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70129
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2190
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-2190
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-02910
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70129
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02910 // VULHUB: VHN-70129 // JVNDB: JVNDB-2014-002409 // CNNVD: CNNVD-201405-097 // NVD: CVE-2014-2190

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-70129 // JVNDB: JVNDB-2014-002409 // NVD: CVE-2014-2190

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-097

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201405-097

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002409

PATCH

title: Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2190

Trust: 0.8

title: 34146, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34146

Trust: 0.8

title: Patch for Cisco Broadband Access Center Telco Wireless Cross-Site Request Forgery Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/45478

Trust: 0.6

sources: CNVD: CNVD-2014-02910 // JVNDB: JVNDB-2014-002409

EXTERNAL IDS

db: NVD, id: CVE-2014-2190

Trust: 3.4

db: SECTRACK, id: 1030199

Trust: 1.1

db: BID, id: 67225

Trust: 1.0

db: JVNDB, id: JVNDB-2014-002409

Trust: 0.8

db: CNNVD, id: CNNVD-201405-097

Trust: 0.7

db: CNVD, id: CNVD-2014-02910

Trust: 0.6

db: CISCO, id: 20140506 CISCO BROADCAST ACCESS CENTER FOR TELCO AND WIRELESS CROSS-SITE REQUEST FORGERY VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-70129

Trust: 0.1

sources: CNVD: CNVD-2014-02910 // VULHUB: VHN-70129 // BID: 67225 // JVNDB: JVNDB-2014-002409 // CNNVD: CNNVD-201405-097 // NVD: CVE-2014-2190

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2190

Trust: 2.3

url: http://www.securitytracker.com/id/1030199

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2190

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2190

Trust: 0.8

sources: CNVD: CNVD-2014-02910 // VULHUB: VHN-70129 // JVNDB: JVNDB-2014-002409 // CNNVD: CNNVD-201405-097 // NVD: CVE-2014-2190

CREDITS

Cisco

Trust: 0.3

sources: BID: 67225

SOURCES

db: CNVD, id: CNVD-2014-02910
db: VULHUB, id: VHN-70129
db: BID, id: 67225
db: JVNDB, id: JVNDB-2014-002409
db: CNNVD, id: CNNVD-201405-097
db: NVD, id: CVE-2014-2190

LAST UPDATE DATE

2025-04-12T23:37:04.318000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-02910, date: 2014-05-09T00:00:00
db: VULHUB, id: VHN-70129, date: 2015-08-13T00:00:00
db: BID, id: 67225, date: 2014-05-08T07:22:00
db: JVNDB, id: JVNDB-2014-002409, date: 2014-05-08T00:00:00
db: CNNVD, id: CNNVD-201405-097, date: 2014-05-08T00:00:00
db: NVD, id: CVE-2014-2190, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-02910, date: 2014-05-09T00:00:00
db: VULHUB, id: VHN-70129, date: 2014-05-07T00:00:00
db: BID, id: 67225, date: 2014-05-06T00:00:00
db: JVNDB, id: JVNDB-2014-002409, date: 2014-05-08T00:00:00
db: CNNVD, id: CNNVD-201405-097, date: 2014-05-08T00:00:00
db: NVD, id: CVE-2014-2190, date: 2014-05-07T10:55:05.227