Sign-up

ID

VAR-201412-0307


CVE

CVE-2014-8025


TITLE

Cisco Jabber Guest Server API Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-007364

DESCRIPTION

The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801. Cisco Jabber Guest is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCus19801. Cisco Jabber is a cross-device collaboration system developed by Cisco. The system provides functions such as voice, video, desktop sharing and conferencing

Trust: 1.98

sources: NVD: CVE-2014-8025 // JVNDB: JVNDB-2014-007364 // BID: 71768 // VULHUB: VHN-75970

AFFECTED PRODUCTS

vendor:ciscomodel:jabber guestscope: - version: -

Trust: 1.4

vendor:ciscomodel:jabber guestscope:eqversion:*

Trust: 1.0

sources: JVNDB: JVNDB-2014-007364 // CNNVD: CNNVD-201412-473 // NVD: CVE-2014-8025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8025
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8025
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-473
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75970
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8025
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75970
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75970 // JVNDB: JVNDB-2014-007364 // CNNVD: CNNVD-201412-473 // NVD: CVE-2014-8025

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-75970 // JVNDB: JVNDB-2014-007364 // NVD: CVE-2014-8025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-473

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-473

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007364

PATCH
title:Cisco Jabber Guest Server HTML5 Response Disclosureurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8025
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007364

EXTERNAL IDS
db:NVDid:CVE-2014-8025
Trust: 2.8
db:BIDid:71768
Trust: 1.4
db:SECTRACKid:1031422
Trust: 1.1
db:JVNDBid:JVNDB-2014-007364
Trust: 0.8
db:CNNVDid:CNNVD-201412-473
Trust: 0.7
db:VULHUBid:VHN-75970
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75970 // 
            
            
            
            BID: 71768 // 
            
            
            
            JVNDB: JVNDB-2014-007364 // 
            
            
            
            CNNVD: CNNVD-201412-473 // 
            
            
            
            NVD: CVE-2014-8025

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8025
Trust: 1.7
url:http://www.securityfocus.com/bid/71768
Trust: 1.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=36871
Trust: 1.1
url:http://www.securitytracker.com/id/1031422
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8025
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8025
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75970 // 
            
            
            
            BID: 71768 // 
            
            
            
            JVNDB: JVNDB-2014-007364 // 
            
            
            
            CNNVD: CNNVD-201412-473 // 
            
            
            
            NVD: CVE-2014-8025

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71768

SOURCES
db:VULHUBid:VHN-75970
db:BIDid:71768
db:JVNDBid:JVNDB-2014-007364
db:CNNVDid:CNNVD-201412-473
db:NVDid:CVE-2014-8025

LAST UPDATE DATE
2025-04-13T23:23:51.409000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75970date:2017-01-03T00:00:00
db:BIDid:71768date:2015-01-12T00:03:00
db:JVNDBid:JVNDB-2014-007364date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-473date:2014-12-24T00:00:00
db:NVDid:CVE-2014-8025date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-75970date:2014-12-23T00:00:00
db:BIDid:71768date:2014-12-22T00:00:00
db:JVNDBid:JVNDB-2014-007364date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-473date:2014-12-23T00:00:00
db:NVDid:CVE-2014-8025date:2014-12-23T02:59:05.670