ID

VAR-201409-0394


CVE

CVE-2014-3367


TITLE

Cross-site scripting vulnerability in the vCloud Director component of Cisco Nexus 1000V InterCloud for VMware

Trust: 0.8

sources: JVNDB: JVNDB-2014-004393

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524. Cisco Nexus 1000V InterCloud for VMware is virtual switch software from Cisco Systems that provides Cisco Catalyst switch functions such as QoS, ACLs, and SPAN in a VMware virtualized environment. vCloud Director is a component of VMware's virtual cloud infrastructure tools. The program does not adequately filter user-submitted input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq90524.

Trust: 2.52

sources: NVD: CVE-2014-3367 // JVNDB: JVNDB-2014-004393 // CNVD: CNVD-2014-06308 // BID: 70010 // VULHUB: VHN-71307

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-06308

AFFECTED PRODUCTS

vendor: cisco, model: nexus 1000v intercloud, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: nexus 1000v intercloud, scope: lte, version: 5.2(1)ic1(1.2)

Trust: 0.8

vendor: cisco, model: nexus 1000v intercloud, scope: lte, version: 7.0(2)

Trust: 0.8

vendor: cisco, model: nexus intercloud for vmware, scope: eq, version: 1000v

Trust: 0.6

sources: CNVD: CNVD-2014-06308 // JVNDB: JVNDB-2014-004393 // CNNVD: CNNVD-201409-740 // NVD: CVE-2014-3367

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3367
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3367
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-06308
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201409-740
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71307
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3367
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-06308
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71307
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-06308 // VULHUB: VHN-71307 // JVNDB: JVNDB-2014-004393 // CNNVD: CNNVD-201409-740 // NVD: CVE-2014-3367

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-71307 // JVNDB: JVNDB-2014-004393 // NVD: CVE-2014-3367

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-740

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201409-740

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004393

PATCH

title: Cisco Nexus 1000V Cross-Site Scripting Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3367

Trust: 0.8

title: 35783, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=35783

Trust: 0.8

sources: JVNDB: JVNDB-2014-004393

EXTERNAL IDS

db: NVD, id: CVE-2014-3367

Trust: 3.4

db: BID, id: 70010

Trust: 2.0

db: SECUNIA, id: 61426

Trust: 1.1

db: SECTRACK, id: 1030881

Trust: 1.1

db: JVNDB, id: JVNDB-2014-004393

Trust: 0.8

db: CNNVD, id: CNNVD-201409-740

Trust: 0.7

db: CNVD, id: CNVD-2014-06308

Trust: 0.6

db: VULHUB, id: VHN-71307

Trust: 0.1

sources: CNVD: CNVD-2014-06308 // VULHUB: VHN-71307 // BID: 70010 // JVNDB: JVNDB-2014-004393 // CNNVD: CNNVD-201409-740 // NVD: CVE-2014-3367

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3367

Trust: 2.3

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3367

Trust: 1.4

url:http://www.securityfocus.com/bid/70010

Trust: 1.1

url:http://www.securitytracker.com/id/1030881

Trust: 1.1

url:http://secunia.com/advisories/61426

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/96126

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3367

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2014-06308 // VULHUB: VHN-71307 // BID: 70010 // JVNDB: JVNDB-2014-004393 // CNNVD: CNNVD-201409-740 // NVD: CVE-2014-3367

CREDITS

Cisco

Trust: 0.3

sources: BID: 70010

SOURCES

db: CNVD, id: CNVD-2014-06308
db: VULHUB, id: VHN-71307
db: BID, id: 70010
db: JVNDB, id: JVNDB-2014-004393
db: CNNVD, id: CNNVD-201409-740
db: NVD, id: CVE-2014-3367

LAST UPDATE DATE

2025-04-13T23:37:38.685000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-06308, date: 2014-09-24T00:00:00
db: VULHUB, id: VHN-71307, date: 2017-08-29T00:00:00
db: BID, id: 70010, date: 2014-09-19T00:00:00
db: JVNDB, id: JVNDB-2014-004393, date: 2014-09-25T00:00:00
db: CNNVD, id: CNNVD-201409-740, date: 2014-09-22T00:00:00
db: NVD, id: CVE-2014-3367, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-06308, date: 2014-09-24T00:00:00
db: VULHUB, id: VHN-71307, date: 2014-09-20T00:00:00
db: BID, id: 70010, date: 2014-09-19T00:00:00
db: JVNDB, id: JVNDB-2014-004393, date: 2014-09-25T00:00:00
db: CNNVD, id: CNNVD-201409-740, date: 2014-09-22T00:00:00
db: NVD, id: CVE-2014-3367, date: 2014-09-20T10:55:04.840