ID

VAR-202001-1342


CVE

CVE-2014-3809


TITLE

Cross-site scripting vulnerability in Alcatel-Lucent 1830 Photonic Service Switch

Trust: 0.8

sources: JVNDB: JVNDB-2014-008865

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. Alcatel-Lucent 1830 Photonic Service Switch is a photonic service switch that supports next-generation WDM multi-service transmission from access to the core. Exploitation could allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Trust: 2.43

sources: NVD: CVE-2014-3809 // JVNDB: JVNDB-2014-008865 // CNVD: CNVD-2014-08685 // BID: 71401

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-08685

AFFECTED PRODUCTS

vendor: nokia, model: 1830 photonic service switch-16, scope: lte, version: 6.0

Trust: 1.0

vendor: nokia, model: 1830 photonic service switch-32, scope: lte, version: 6.0

Trust: 1.0

vendor: nokia, model: 1830 photonic service switch-4, scope: lte, version: 6.0

Trust: 1.0

vendor: nokia, model: 1830 photonic service switch -16, scope: eq, version: 6.0

Trust: 0.8

vendor: nokia, model: 1830 photonic service switch -32, scope: eq, version: 6.0

Trust: 0.8

vendor: nokia, model: 1830 photonic service switch -4, scope: eq, version: 6.0

Trust: 0.8

vendor: alcatel lucent, model: photonic service switch, scope: eq, version: 1830<=6.0

Trust: 0.6

vendor: alcatel lucent, model: photonic service switch, scope: eq, version: 18306.0

Trust: 0.3

sources: CNVD: CNVD-2014-08685 // BID: 71401 // JVNDB: JVNDB-2014-008865 // NVD: CVE-2014-3809

CVSS

SEVERITY

nvd@nist.gov: CVE-2014-3809
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2014-008865
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-08685
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201412-049
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2014-3809
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2014-008865
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-08685
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2014-3809
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2014-008865
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2014-08685 // JVNDB: JVNDB-2014-008865 // CNNVD: CNNVD-201412-049 // NVD: CVE-2014-3809

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2014-008865 // NVD: CVE-2014-3809

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-049

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201412-049

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008865

PATCH

title: 1830 Photonic Service Switch, url: https://www.nokia.com/networks/products/1830-photonic-service-switch/

Trust: 0.8

sources: JVNDB: JVNDB-2014-008865

EXTERNAL IDS

db: NVD, id: CVE-2014-3809

Trust: 3.3

db: BID, id: 71401

Trust: 0.9

db: JVNDB, id: JVNDB-2014-008865

Trust: 0.8

db: CNVD, id: CNVD-2014-08685

Trust: 0.6

db: CNNVD, id: CNNVD-201412-049

Trust: 0.6

sources: CNVD: CNVD-2014-08685 // BID: 71401 // JVNDB: JVNDB-2014-008865 // CNNVD: CNNVD-201412-049 // NVD: CVE-2014-3809

REFERENCES

url: https://www.securityfocus.com/archive/1/534124

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2014-3809

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3809

Trust: 0.8

url: http://www.securityfocus.com/bid/71401

Trust: 0.6

url: http://www.alcatel-lucent.com/products/1830-photonic-service-switch

Trust: 0.3

url: http://www.alcatel-lucent.com/

Trust: 0.3

sources: CNVD: CNVD-2014-08685 // BID: 71401 // JVNDB: JVNDB-2014-008865 // CNNVD: CNNVD-201412-049 // NVD: CVE-2014-3809

CREDITS

Stephan Rickauer

Trust: 0.9

sources: BID: 71401 // CNNVD: CNNVD-201412-049

SOURCES

db: CNVD, id: CNVD-2014-08685
db: BID, id: 71401
db: JVNDB, id: JVNDB-2014-008865
db: CNNVD, id: CNNVD-201412-049
db: NVD, id: CVE-2014-3809

LAST UPDATE DATE

2024-11-23T22:44:44.904000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-08685, date: 2014-12-04T00:00:00
db: BID, id: 71401, date: 2014-12-01T00:00:00
db: JVNDB, id: JVNDB-2014-008865, date: 2020-02-18T00:00:00
db: CNNVD, id: CNNVD-201412-049, date: 2020-05-29T00:00:00
db: NVD, id: CVE-2014-3809, date: 2024-11-21T02:08:53.623

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-08685, date: 2014-12-04T00:00:00
db: BID, id: 71401, date: 2014-12-01T00:00:00
db: JVNDB, id: JVNDB-2014-008865, date: 2020-02-18T00:00:00
db: CNNVD, id: CNNVD-201412-049, date: 2014-12-03T00:00:00
db: NVD, id: CVE-2014-3809, date: 2020-01-31T22:15:10.293