Sign-up

ID

VAR-201408-0166


CVE

CVE-2014-3345


TITLE

Cisco Transport Gateway for Smart Call Home of Web Vulnerability to change products in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-003989

DESCRIPTION

The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503. Vendors have confirmed this vulnerability Bug ID CSCuq31503 It is released as.Skillfully crafted by a third party URL There is a possibility to change the product through. Attackers can exploit this issue to make changes to the affected system and bypass security restrictions. This issue is being tracked by Cisco Bug ID CSCuq31503

Trust: 1.98

sources: NVD: CVE-2014-3345 // JVNDB: JVNDB-2014-003989 // BID: 69442 // VULHUB: VHN-71285

AFFECTED PRODUCTS

vendor:ciscomodel:transport gateway installation softwarescope:eqversion:4.0

Trust: 1.6

vendor:ciscomodel:transport gateway for smart call homescope:eqversion:4.0

Trust: 0.8

sources: JVNDB: JVNDB-2014-003989 // CNNVD: CNNVD-201408-437 // NVD: CVE-2014-3345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3345
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3345
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201408-437
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71285
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3345
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71285
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71285 // JVNDB: JVNDB-2014-003989 // CNNVD: CNNVD-201408-437 // NVD: CVE-2014-3345

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-71285 // JVNDB: JVNDB-2014-003989 // NVD: CVE-2014-3345

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-437

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201408-437

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003989

PATCH
title:Transport Gateway for Smart Call Home Unauthorized Configuration Change Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3345
Trust: 0.8
title:35468url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35468
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003989

EXTERNAL IDS
db:NVDid:CVE-2014-3345
Trust: 2.8
db:BIDid:69442
Trust: 1.4
db:SECTRACKid:1030774
Trust: 1.1
db:SECUNIAid:60391
Trust: 1.1
db:JVNDBid:JVNDB-2014-003989
Trust: 0.8
db:CNNVDid:CNNVD-201408-437
Trust: 0.7
db:VULHUBid:VHN-71285
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71285 // 
            
            
            
            BID: 69442 // 
            
            
            
            JVNDB: JVNDB-2014-003989 // 
            
            
            
            CNNVD: CNNVD-201408-437 // 
            
            
            
            NVD: CVE-2014-3345

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3345
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=35468
Trust: 1.7
url:http://www.securityfocus.com/bid/69442
Trust: 1.1
url:http://www.securitytracker.com/id/1030774
Trust: 1.1
url:http://secunia.com/advisories/60391
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95589
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3345
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3345
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71285 // 
            
            
            
            BID: 69442 // 
            
            
            
            JVNDB: JVNDB-2014-003989 // 
            
            
            
            CNNVD: CNNVD-201408-437 // 
            
            
            
            NVD: CVE-2014-3345

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 69442

SOURCES
db:VULHUBid:VHN-71285
db:BIDid:69442
db:JVNDBid:JVNDB-2014-003989
db:CNNVDid:CNNVD-201408-437
db:NVDid:CVE-2014-3345

LAST UPDATE DATE
2025-04-13T23:42:06.722000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71285date:2017-08-29T00:00:00
db:BIDid:69442date:2014-08-28T00:00:00
db:JVNDBid:JVNDB-2014-003989date:2014-09-01T00:00:00
db:CNNVDid:CNNVD-201408-437date:2014-08-29T00:00:00
db:NVDid:CVE-2014-3345date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-71285date:2014-08-28T00:00:00
db:BIDid:69442date:2014-08-28T00:00:00
db:JVNDBid:JVNDB-2014-003989date:2014-09-01T00:00:00
db:CNNVDid:CNNVD-201408-437date:2014-08-29T00:00:00
db:NVDid:CVE-2014-3345date:2014-08-28T23:55:05.483