ID

VAR-201401-0327


CVE

CVE-2014-0663


TITLE

Cross-site scripting vulnerability in the web framework of Cisco Secure Access Control System

Trust: 0.8

sources: JVNDB: JVNDB-2014-001023

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. The system controls network access and network device access through the RADIUS and TACACS protocols, respectively. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCum03625.

Trust: 2.52

sources: NVD: CVE-2014-0663 // JVNDB: JVNDB-2014-001023 // CNVD: CNVD-2014-00261 // BID: 64773 // VULHUB: VHN-68156

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00261

AFFECTED PRODUCTS

vendor: cisco, model: secure access control system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: secure access control system software, scope: lte, version: 5.4(0.46.3)

Trust: 0.8

vendor: cisco, model: secure access control system, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2014-00261 // JVNDB: JVNDB-2014-001023 // CNNVD: CNNVD-201401-151 // NVD: CVE-2014-0663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0663
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0663
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00261
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-151
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68156
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0663
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00261
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-68156
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00261 // VULHUB: VHN-68156 // JVNDB: JVNDB-2014-001023 // CNNVD: CNNVD-201401-151 // NVD: CVE-2014-0663

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-68156 // JVNDB: JVNDB-2014-001023 // NVD: CVE-2014-0663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-151

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201401-151

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001023

PATCH

title: Cisco Secure Access Control System Cross-Site Scripting Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0663

Trust: 0.8

title: 32403
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=32403

Trust: 0.8

title: Patch for Cisco Secure Access Control System Cross-Site Scripting Vulnerability (CNVD-2014-00261)
url: https://www.cnvd.org.cn/patchInfo/show/42308

Trust: 0.6

sources: CNVD: CNVD-2014-00261 // JVNDB: JVNDB-2014-001023

EXTERNAL IDS

db: NVD, id: CVE-2014-0663

Trust: 3.4

db: BID, id: 64773

Trust: 2.0

db: SECUNIA, id: 56382

Trust: 1.1

db: SECTRACK, id: 1029595

Trust: 1.1

db: OSVDB, id: 101914

Trust: 1.1

db: JVNDB, id: JVNDB-2014-001023

Trust: 0.8

db: CNNVD, id: CNNVD-201401-151

Trust: 0.7

db: CNVD, id: CNVD-2014-00261

Trust: 0.6

db: CISCO, id: 20140110 CISCO SECURE ACCESS CONTROL SYSTEM CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-68156

Trust: 0.1

sources: CNVD: CNVD-2014-00261 // VULHUB: VHN-68156 // BID: 64773 // JVNDB: JVNDB-2014-001023 // CNNVD: CNNVD-201401-151 // NVD: CVE-2014-0663

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0663

Trust: 2.3

url:http://www.securityfocus.com/bid/64773

Trust: 1.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=32403

Trust: 1.1

url:http://osvdb.org/101914

Trust: 1.1

url:http://www.securitytracker.com/id/1029595

Trust: 1.1

url:http://secunia.com/advisories/56382

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90232

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0663

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0663

Trust: 0.8

sources: CNVD: CNVD-2014-00261 // VULHUB: VHN-68156 // JVNDB: JVNDB-2014-001023 // CNNVD: CNNVD-201401-151 // NVD: CVE-2014-0663

CREDITS

Cisco

Trust: 0.3

sources: BID: 64773

SOURCES

db: CNVD, id: CNVD-2014-00261
db: VULHUB, id: VHN-68156
db: BID, id: 64773
db: JVNDB, id: JVNDB-2014-001023
db: CNNVD, id: CNNVD-201401-151
db: NVD, id: CVE-2014-0663

LAST UPDATE DATE

2024-11-23T22:42:38.642000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00261, date: 2014-01-15T00:00:00
db: VULHUB, id: VHN-68156, date: 2017-08-29T00:00:00
db: BID, id: 64773, date: 2014-01-14T01:32:00
db: JVNDB, id: JVNDB-2014-001023, date: 2014-01-14T00:00:00
db: CNNVD, id: CNNVD-201401-151, date: 2014-01-13T00:00:00
db: NVD, id: CVE-2014-0663, date: 2024-11-21T02:02:36.917

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-00261, date: 2014-01-14T00:00:00
db: VULHUB, id: VHN-68156, date: 2014-01-10T00:00:00
db: BID, id: 64773, date: 2014-01-10T00:00:00
db: JVNDB, id: JVNDB-2014-001023, date: 2014-01-14T00:00:00
db: CNNVD, id: CNNVD-201401-151, date: 2014-01-13T00:00:00
db: NVD, id: CVE-2014-0663, date: 2014-01-10T16:47:06.067