Details of VAR-201408-0165

ID

VAR-201408-0165

CVE

CVE-2014-3344

TITLE

Cisco Transport Gateway for Smart Call Home of Web Cross-site scripting vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-003986

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563. Vendors have confirmed this vulnerability Bug ID CSCuq31129 , CSCuq31134 , CSCuq31137 ,and CSCuq31563 It is released as.Unspecified by a third party Any via parameter Web Script or HTML May be inserted. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Trust: 1.98

sources: NVD: CVE-2014-3344 // JVNDB: JVNDB-2014-003986 // BID: 69412 // VULHUB: VHN-71284

IOT TAXONOMY

category:

['network device']

sub_category:

gateway

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	cisco	model:	transport gateway installation software	scope:	eq	version:	4.0	Trust: 1.6
vendor:	cisco	model:	transport gateway for smart call home	scope:	eq	version:	4.0	Trust: 0.8

sources: JVNDB: JVNDB-2014-003986 // CNNVD: CNNVD-201408-430 // NVD: CVE-2014-3344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3344
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3344
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201408-430
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71284
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3344
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71284
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71284 // JVNDB: JVNDB-2014-003986 // CNNVD: CNNVD-201408-430 // NVD: CVE-2014-3344

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-71284 // JVNDB: JVNDB-2014-003986 // NVD: CVE-2014-3344

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-430

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201408-430

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003986

PATCH

title:	Multiple Cross-Site Scripting Vulnerabilities in Transport Gateway for Smart Call Home	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3344	Trust: 0.8
title:	35431	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35431	Trust: 0.8

sources: JVNDB: JVNDB-2014-003986

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3344	Trust: 2.9
db:	BID	id:	69412	Trust: 1.4
db:	SECUNIA	id:	60278	Trust: 1.1
db:	SECTRACK	id:	1030760	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003986	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-430	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-71284	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-71284 // BID: 69412 // JVNDB: JVNDB-2014-003986 // CNNVD: CNNVD-201408-430 // NVD: CVE-2014-3344

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3344	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35431	Trust: 1.7
url:	http://www.securityfocus.com/bid/69412	Trust: 1.1
url:	http://www.securitytracker.com/id/1030760	Trust: 1.1
url:	http://secunia.com/advisories/60278	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95482	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3344	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3344	Trust: 0.8
url:	www.cisco.com	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-71284 // BID: 69412 // JVNDB: JVNDB-2014-003986 // CNNVD: CNNVD-201408-430 // NVD: CVE-2014-3344

CREDITS

Cisco

Trust: 0.3

sources: BID: 69412

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-71284
db:	BID	id:	69412
db:	JVNDB	id:	JVNDB-2014-003986
db:	CNNVD	id:	CNNVD-201408-430
db:	NVD	id:	CVE-2014-3344

LAST UPDATE DATE

2025-04-13T22:07:48.150000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71284	date:	2017-08-29T00:00:00
db:	BID	id:	69412	date:	2014-09-01T01:02:00
db:	JVNDB	id:	JVNDB-2014-003986	date:	2014-08-29T00:00:00
db:	CNNVD	id:	CNNVD-201408-430	date:	2014-08-29T00:00:00
db:	NVD	id:	CVE-2014-3344	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71284	date:	2014-08-28T00:00:00
db:	BID	id:	69412	date:	2014-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2014-003986	date:	2014-08-29T00:00:00
db:	CNNVD	id:	CNNVD-201408-430	date:	2014-08-29T00:00:00
db:	NVD	id:	CVE-2014-3344	date:	2014-08-28T01:55:03.387