Sign-up

ID

VAR-201410-0067


CVE

CVE-2014-3408


TITLE

Cisco Prime Optical of Web Cross-site scripting vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-004986

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq80763. The solution helps operators efficiently implement end-to-end circuit creation and manage each node in the converged network through automated configuration and troubleshooting. The vulnerability is caused by the program not validating parameters correctly

Trust: 1.98

sources: NVD: CVE-2014-3408 // JVNDB: JVNDB-2014-004986 // BID: 70594 // VULHUB: VHN-71348

AFFECTED PRODUCTS

vendor:ciscomodel:prime opticalscope:eqversion:10.0

Trust: 1.6

vendor:ciscomodel:prime opticalscope:eqversion:10

Trust: 0.8

sources: JVNDB: JVNDB-2014-004986 // CNNVD: CNNVD-201410-634 // NVD: CVE-2014-3408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3408
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3408
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201410-634
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71348
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3408
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71348
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71348 // JVNDB: JVNDB-2014-004986 // CNNVD: CNNVD-201410-634 // NVD: CVE-2014-3408

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-71348 // JVNDB: JVNDB-2014-004986 // NVD: CVE-2014-3408

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-634

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201410-634

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004986

PATCH
title:Cisco Prime Optical Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3408
Trust: 0.8
title:36099url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36099
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-004986

EXTERNAL IDS
db:NVDid:CVE-2014-3408
Trust: 2.8
db:BIDid:70594
Trust: 1.4
db:JVNDBid:JVNDB-2014-004986
Trust: 0.8
db:CNNVDid:CNNVD-201410-634
Trust: 0.7
db:VULHUBid:VHN-71348
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71348 // 
            
            
            
            BID: 70594 // 
            
            
            
            JVNDB: JVNDB-2014-004986 // 
            
            
            
            CNNVD: CNNVD-201410-634 // 
            
            
            
            NVD: CVE-2014-3408

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3408
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=36099
Trust: 1.7
url:http://www.securityfocus.com/bid/70594
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3408
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3408
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71348 // 
            
            
            
            BID: 70594 // 
            
            
            
            JVNDB: JVNDB-2014-004986 // 
            
            
            
            CNNVD: CNNVD-201410-634 // 
            
            
            
            NVD: CVE-2014-3408

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 70594

SOURCES
db:VULHUBid:VHN-71348
db:BIDid:70594
db:JVNDBid:JVNDB-2014-004986
db:CNNVDid:CNNVD-201410-634
db:NVDid:CVE-2014-3408

LAST UPDATE DATE
2025-04-13T23:14:42.599000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71348date:2015-09-10T00:00:00
db:BIDid:70594date:2014-10-16T06:01:00
db:JVNDBid:JVNDB-2014-004986date:2014-10-24T00:00:00
db:CNNVDid:CNNVD-201410-634date:2014-10-22T00:00:00
db:NVDid:CVE-2014-3408date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-71348date:2014-10-19T00:00:00
db:BIDid:70594date:2014-10-15T00:00:00
db:JVNDBid:JVNDB-2014-004986date:2014-10-24T00:00:00
db:CNNVDid:CNNVD-201410-634date:2014-10-22T00:00:00
db:NVDid:CVE-2014-3408date:2014-10-19T01:55:13.717