Sign-up

ID

VAR-201405-0468


CVE

CVE-2014-2191


TITLE

Telco and Wireless for Cisco Broadcast Access Center of Web Cross-site scripting vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-002410

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113. Vendors have confirmed this vulnerability CSCun91113 It is released as.By any third party through unspecified parameters Web Script or HTML May be inserted. Cisco Broadband Access Center (BAC) is a decentralized, strippable, signer device hypervisor that implements automated user traffic management through the provision of user services. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCun91113

Trust: 2.52

sources: NVD: CVE-2014-2191 // JVNDB: JVNDB-2014-002410 // CNVD: CNVD-2014-02912 // BID: 67231 // VULHUB: VHN-70130

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02912

AFFECTED PRODUCTS

vendor:ciscomodel:broadband access center telco wireless softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:broadband access center telco wireless softwarescope:lteversion:3.8(.0.1)

Trust: 0.8

vendor:ciscomodel:broadband access center telco wirelessscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2014-02912 // JVNDB: JVNDB-2014-002410 // CNNVD: CNNVD-201405-098 // NVD: CVE-2014-2191

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2191
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2191
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02912
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201405-098
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70130
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2191
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02912
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70130
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02912 // VULHUB: VHN-70130 // JVNDB: JVNDB-2014-002410 // CNNVD: CNNVD-201405-098 // NVD: CVE-2014-2191

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-70130 // JVNDB: JVNDB-2014-002410 // NVD: CVE-2014-2191

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-098

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201405-098

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002410

PATCH
title:Cisco Broadcast Access Center for Telco and Wireless Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2191
Trust: 0.8
title:34147url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34147
Trust: 0.8
title:Patch for Cisco Broadband Access Center Telco Wireless Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/45480
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-02912 // 
            
            
            
            JVNDB: JVNDB-2014-002410

EXTERNAL IDS
db:NVDid:CVE-2014-2191
Trust: 3.4
db:SECTRACKid:1030198
Trust: 1.1
db:JVNDBid:JVNDB-2014-002410
Trust: 0.8
db:CNNVDid:CNNVD-201405-098
Trust: 0.7
db:CNVDid:CNVD-2014-02912
Trust: 0.6
db:CISCOid:20140506 CISCO BROADCAST ACCESS CENTER FOR TELCO AND WIRELESS CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:BIDid:67231
Trust: 0.4
db:VULHUBid:VHN-70130
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-02912 // 
            
            
            
            VULHUB: VHN-70130 // 
            
            
            
            BID: 67231 // 
            
            
            
            JVNDB: JVNDB-2014-002410 // 
            
            
            
            CNNVD: CNNVD-201405-098 // 
            
            
            
            NVD: CVE-2014-2191

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2191
Trust: 2.3
url:http://www.securitytracker.com/id/1030198
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2191
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2191
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2014-02912 // 
            
            
            
            VULHUB: VHN-70130 // 
            
            
            
            JVNDB: JVNDB-2014-002410 // 
            
            
            
            CNNVD: CNNVD-201405-098 // 
            
            
            
            NVD: CVE-2014-2191

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67231

SOURCES
db:CNVDid:CNVD-2014-02912
db:VULHUBid:VHN-70130
db:BIDid:67231
db:JVNDBid:JVNDB-2014-002410
db:CNNVDid:CNNVD-201405-098
db:NVDid:CVE-2014-2191

LAST UPDATE DATE
2025-04-12T23:18:59.767000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-02912date:2014-05-09T00:00:00
db:VULHUBid:VHN-70130date:2015-08-13T00:00:00
db:BIDid:67231date:2014-05-08T07:42:00
db:JVNDBid:JVNDB-2014-002410date:2014-05-08T00:00:00
db:CNNVDid:CNNVD-201405-098date:2014-05-08T00:00:00
db:NVDid:CVE-2014-2191date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-02912date:2014-05-09T00:00:00
db:VULHUBid:VHN-70130date:2014-05-07T00:00:00
db:BIDid:67231date:2014-05-06T00:00:00
db:JVNDBid:JVNDB-2014-002410date:2014-05-08T00:00:00
db:CNNVDid:CNNVD-201405-098date:2014-05-08T00:00:00
db:NVDid:CVE-2014-2191date:2014-05-07T10:55:05.337