Sign-up

ID

VAR-201412-0306


CVE

CVE-2014-8024


TITLE

Cisco Jabber Guest Server API Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-007363

DESCRIPTION

The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789. Cisco Jabber Guest is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCus19789. Cisco Jabber is a cross-device collaboration system developed by Cisco. The system provides functions such as voice, video, desktop sharing and conferencing

Trust: 1.98

sources: NVD: CVE-2014-8024 // JVNDB: JVNDB-2014-007363 // BID: 71770 // VULHUB: VHN-75969

AFFECTED PRODUCTS

vendor:ciscomodel:jabber guestscope: - version: -

Trust: 1.4

vendor:ciscomodel:jabber guestscope:eqversion:*

Trust: 1.0

sources: JVNDB: JVNDB-2014-007363 // CNNVD: CNNVD-201412-472 // NVD: CVE-2014-8024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8024
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8024
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-472
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75969
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8024
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75969
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75969 // JVNDB: JVNDB-2014-007363 // CNNVD: CNNVD-201412-472 // NVD: CVE-2014-8024

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-75969 // JVNDB: JVNDB-2014-007363 // NVD: CVE-2014-8024

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-472

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-472

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007363

PATCH
title:Cisco Jabber Guest Server HTML5 Cross-Origin Resource Sharingurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8024
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007363

EXTERNAL IDS
db:NVDid:CVE-2014-8024
Trust: 2.8
db:BIDid:71770
Trust: 1.4
db:SECTRACKid:1031422
Trust: 1.1
db:JVNDBid:JVNDB-2014-007363
Trust: 0.8
db:CNNVDid:CNNVD-201412-472
Trust: 0.7
db:VULHUBid:VHN-75969
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75969 // 
            
            
            
            BID: 71770 // 
            
            
            
            JVNDB: JVNDB-2014-007363 // 
            
            
            
            CNNVD: CNNVD-201412-472 // 
            
            
            
            NVD: CVE-2014-8024

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8024
Trust: 1.7
url:http://www.securityfocus.com/bid/71770
Trust: 1.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=36870
Trust: 1.1
url:http://www.securitytracker.com/id/1031422
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8024
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8024
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75969 // 
            
            
            
            BID: 71770 // 
            
            
            
            JVNDB: JVNDB-2014-007363 // 
            
            
            
            CNNVD: CNNVD-201412-472 // 
            
            
            
            NVD: CVE-2014-8024

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71770

SOURCES
db:VULHUBid:VHN-75969
db:BIDid:71770
db:JVNDBid:JVNDB-2014-007363
db:CNNVDid:CNNVD-201412-472
db:NVDid:CVE-2014-8024

LAST UPDATE DATE
2025-04-12T23:09:18.121000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75969date:2017-01-03T00:00:00
db:BIDid:71770date:2015-01-12T00:02:00
db:JVNDBid:JVNDB-2014-007363date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-472date:2014-12-24T00:00:00
db:NVDid:CVE-2014-8024date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-75969date:2014-12-23T00:00:00
db:BIDid:71770date:2014-12-22T00:00:00
db:JVNDBid:JVNDB-2014-007363date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-472date:2014-12-23T00:00:00
db:NVDid:CVE-2014-8024date:2014-12-23T02:59:04.453