Details of VAR-201408-0172

ID

VAR-201408-0172

CVE

CVE-2014-3352

TITLE

Cisco Intelligent Automation for Cloud Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-004008

DESCRIPTION

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801. Vendors have confirmed this vulnerability Bug ID CSCuh84801 It is released as.A third party may be able to obtain important information via a crafted packet. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCuh84801. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures. The vulnerability is due to the fact that the program does not fully verify the null session

Trust: 1.98

sources: NVD: CVE-2014-3352 // JVNDB: JVNDB-2014-004008 // BID: 69458 // VULHUB: VHN-71292

AFFECTED PRODUCTS

vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3.1	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3.2	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	2008.3	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.4	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	lte	version:	2008.3	Trust: 1.0
vendor:	cisco	model:	cloud portal	scope:	lte	version:	2008.3_sp9	Trust: 0.8

sources: JVNDB: JVNDB-2014-004008 // CNNVD: CNNVD-201408-471 // NVD: CVE-2014-3352

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3352
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3352
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201408-471
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71292
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3352
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71292
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71292 // JVNDB: JVNDB-2014-004008 // CNNVD: CNNVD-201408-471 // NVD: CVE-2014-3352

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71292 // JVNDB: JVNDB-2014-004008 // NVD: CVE-2014-3352

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-471

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201408-471

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004008

PATCH

title:	Cisco Intelligent Automation for Cloud iFrame Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352	Trust: 0.8
title:	35479	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35479	Trust: 0.8

sources: JVNDB: JVNDB-2014-004008

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3352	Trust: 2.8
db:	BID	id:	69458	Trust: 1.4
db:	SECUNIA	id:	60956	Trust: 1.1
db:	SECTRACK	id:	1030785	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004008	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-471	Trust: 0.7
db:	VULHUB	id:	VHN-71292	Trust: 0.1

sources: VULHUB: VHN-71292 // BID: 69458 // JVNDB: JVNDB-2014-004008 // CNNVD: CNNVD-201408-471 // NVD: CVE-2014-3352

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3352	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35479	Trust: 1.7
url:	http://www.securityfocus.com/bid/69458	Trust: 1.1
url:	http://www.securitytracker.com/id/1030785	Trust: 1.1
url:	http://secunia.com/advisories/60956	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95605	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3352	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3352	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71292 // BID: 69458 // JVNDB: JVNDB-2014-004008 // CNNVD: CNNVD-201408-471 // NVD: CVE-2014-3352

CREDITS

Cisco

Trust: 0.3

sources: BID: 69458

SOURCES

db:	VULHUB	id:	VHN-71292
db:	BID	id:	69458
db:	JVNDB	id:	JVNDB-2014-004008
db:	CNNVD	id:	CNNVD-201408-471
db:	NVD	id:	CVE-2014-3352

LAST UPDATE DATE

2025-04-13T23:21:25.515000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71292	date:	2017-08-29T00:00:00
db:	BID	id:	69458	date:	2014-09-01T01:23:00
db:	JVNDB	id:	JVNDB-2014-004008	date:	2014-09-03T00:00:00
db:	CNNVD	id:	CNNVD-201408-471	date:	2014-09-02T00:00:00
db:	NVD	id:	CVE-2014-3352	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71292	date:	2014-08-30T00:00:00
db:	BID	id:	69458	date:	2014-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-004008	date:	2014-09-03T00:00:00
db:	CNNVD	id:	CNNVD-201408-471	date:	2014-08-30T00:00:00
db:	NVD	id:	CVE-2014-3352	date:	2014-08-30T09:55:05.237