ID

VAR-201408-0169


CVE

CVE-2014-3349


TITLE

Cisco Intelligent Automation for Cloud vulnerable to arbitrary file upload

Trust: 0.8

sources: JVNDB: JVNDB-2014-003991

DESCRIPTION

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. The product provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures.

Trust: 1.98

sources: NVD: CVE-2014-3349 // JVNDB: JVNDB-2014-003991 // BID: 69455 // VULHUB: VHN-71289

AFFECTED PRODUCTS

vendor: cisco, model: cloud portal, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: cloud portal, scope: lte, version: 2008.3_sp9

Trust: 0.8

sources: JVNDB: JVNDB-2014-003991 // CNNVD: CNNVD-201408-462 // NVD: CVE-2014-3349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3349
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3349
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201408-462
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71289
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3349
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71289
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71289 // JVNDB: JVNDB-2014-003991 // CNNVD: CNNVD-201408-462 // NVD: CVE-2014-3349

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-71289 // JVNDB: JVNDB-2014-003991 // NVD: CVE-2014-3349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-462

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201408-462

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003991

PATCH

title: Cisco Intelligent Automation for Cloud Arbitrary File Upload, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3349

Trust: 0.8

title: 35477, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=35477

Trust: 0.8

sources: JVNDB: JVNDB-2014-003991

EXTERNAL IDS

db: NVD, id: CVE-2014-3349

Trust: 2.8

db: BID, id: 69455

Trust: 1.4

db: SECTRACK, id: 1030783

Trust: 1.1

db: JVNDB, id: JVNDB-2014-003991

Trust: 0.8

db: CNNVD, id: CNNVD-201408-462

Trust: 0.7

db: VULHUB, id: VHN-71289

Trust: 0.1

sources: VULHUB: VHN-71289 // BID: 69455 // JVNDB: JVNDB-2014-003991 // CNNVD: CNNVD-201408-462 // NVD: CVE-2014-3349

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3349

Trust: 1.7

url:http://www.securityfocus.com/bid/69455

Trust: 1.1

url:http://www.securitytracker.com/id/1030783

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95586

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3349

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3349

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-71289 // BID: 69455 // JVNDB: JVNDB-2014-003991 // CNNVD: CNNVD-201408-462 // NVD: CVE-2014-3349

CREDITS

Cisco

Trust: 0.3

sources: BID: 69455

SOURCES

db: VULHUB, id: VHN-71289
db: BID, id: 69455
db: JVNDB, id: JVNDB-2014-003991
db: CNNVD, id: CNNVD-201408-462
db: NVD, id: CVE-2014-3349

LAST UPDATE DATE

2025-04-13T23:34:11.326000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71289, date: 2017-08-29T00:00:00
db: BID, id: 69455, date: 2014-09-01T01:03:00
db: JVNDB, id: JVNDB-2014-003991, date: 2014-09-01T00:00:00
db: CNNVD, id: CNNVD-201408-462, date: 2014-09-01T00:00:00
db: NVD, id: CVE-2014-3349, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71289, date: 2014-08-29T00:00:00
db: BID, id: 69455, date: 2014-08-28T00:00:00
db: JVNDB, id: JVNDB-2014-003991, date: 2014-09-01T00:00:00
db: CNNVD, id: CNNVD-201408-462, date: 2014-08-29T00:00:00
db: NVD, id: CVE-2014-3349, date: 2014-08-29T09:55:08.167