Sign-up

ID

VAR-201408-0171


CVE

CVE-2014-3351


TITLE

Cisco Intelligent Automation for Cloud Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-003993

DESCRIPTION

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380. Vendors have confirmed this vulnerability Bug ID CSCuh87398 ,and CSCuh87380 It is released as.A third party may be able to obtain important information via a crafted packet. Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks. This issue is tracked by Cisco Bug IDs CSCuh87398 and CSCuh87380. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures

Trust: 1.98

sources: NVD: CVE-2014-3351 // JVNDB: JVNDB-2014-003993 // BID: 69456 // VULHUB: VHN-71291

AFFECTED PRODUCTS

vendor:ciscomodel:cloud portalscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:cloud portalscope:lteversion:2008.3_sp9

Trust: 0.8

sources: JVNDB: JVNDB-2014-003993 // CNNVD: CNNVD-201408-464 // NVD: CVE-2014-3351

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3351
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3351
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201408-464
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71291
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3351
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71291
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71291 // JVNDB: JVNDB-2014-003993 // CNNVD: CNNVD-201408-464 // NVD: CVE-2014-3351

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-71291 // JVNDB: JVNDB-2014-003993 // NVD: CVE-2014-3351

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-464

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201408-464

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003993

PATCH
title:Cisco Intelligent Automation for Cloud Enumeration Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3351
Trust: 0.8
title:35476url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35476
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003993

EXTERNAL IDS
db:NVDid:CVE-2014-3351
Trust: 2.8
db:BIDid:69456
Trust: 1.4
db:SECUNIAid:60960
Trust: 1.1
db:SECTRACKid:1030782
Trust: 1.1
db:JVNDBid:JVNDB-2014-003993
Trust: 0.8
db:CNNVDid:CNNVD-201408-464
Trust: 0.7
db:VULHUBid:VHN-71291
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71291 // 
            
            
            
            BID: 69456 // 
            
            
            
            JVNDB: JVNDB-2014-003993 // 
            
            
            
            CNNVD: CNNVD-201408-464 // 
            
            
            
            NVD: CVE-2014-3351

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3351
Trust: 1.7
url:http://www.securityfocus.com/bid/69456
Trust: 1.1
url:http://www.securitytracker.com/id/1030782
Trust: 1.1
url:http://secunia.com/advisories/60960
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95585
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3351
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3351
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71291 // 
            
            
            
            BID: 69456 // 
            
            
            
            JVNDB: JVNDB-2014-003993 // 
            
            
            
            CNNVD: CNNVD-201408-464 // 
            
            
            
            NVD: CVE-2014-3351

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 69456

SOURCES
db:VULHUBid:VHN-71291
db:BIDid:69456
db:JVNDBid:JVNDB-2014-003993
db:CNNVDid:CNNVD-201408-464
db:NVDid:CVE-2014-3351

LAST UPDATE DATE
2025-04-13T23:39:09.621000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71291date:2017-08-29T00:00:00
db:BIDid:69456date:2014-09-01T00:04:00
db:JVNDBid:JVNDB-2014-003993date:2014-09-01T00:00:00
db:CNNVDid:CNNVD-201408-464date:2014-09-02T00:00:00
db:NVDid:CVE-2014-3351date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-71291date:2014-08-29T00:00:00
db:BIDid:69456date:2014-08-28T00:00:00
db:JVNDBid:JVNDB-2014-003993date:2014-09-01T00:00:00
db:CNNVDid:CNNVD-201408-464date:2014-08-29T00:00:00
db:NVDid:CVE-2014-3351date:2014-08-29T09:55:08.290