Sign-up

ID

VAR-201401-0335


CVE

CVE-2014-0671


TITLE

Cisco MediaSense Open redirect vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2014-001226 // CNNVD: CNNVD-201401-421

DESCRIPTION

Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. Cisco MediaSense Contains an open redirect vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco Bug ID CSCum16749. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc

Trust: 1.98

sources: NVD: CVE-2014-0671 // JVNDB: JVNDB-2014-001226 // BID: 65055 // VULHUB: VHN-68164

AFFECTED PRODUCTS

vendor:ciscomodel:mediasensescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:mediasensescope:lteversion:9.1(1)

Trust: 0.8

sources: JVNDB: JVNDB-2014-001226 // CNNVD: CNNVD-201401-421 // NVD: CVE-2014-0671

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0671
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0671
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201401-421
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68164
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0671
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68164
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68164 // JVNDB: JVNDB-2014-001226 // CNNVD: CNNVD-201401-421 // NVD: CVE-2014-0671

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-68164 // JVNDB: JVNDB-2014-001226 // NVD: CVE-2014-0671

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-421

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201401-421

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001226

PATCH
title:Cisco MediaSense Open Redirection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0671
Trust: 0.8
title:32517url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32517
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001226

EXTERNAL IDS
db:NVDid:CVE-2014-0671
Trust: 2.8
db:BIDid:65055
Trust: 1.4
db:SECUNIAid:56544
Trust: 1.1
db:SECTRACKid:1029669
Trust: 1.1
db:OSVDBid:102341
Trust: 1.1
db:JVNDBid:JVNDB-2014-001226
Trust: 0.8
db:CNNVDid:CNNVD-201401-421
Trust: 0.7
db:CISCOid:20140121 CISCO MEDIASENSE OPEN REDIRECTION VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-68164
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68164 // 
            
            
            
            BID: 65055 // 
            
            
            
            JVNDB: JVNDB-2014-001226 // 
            
            
            
            CNNVD: CNNVD-201401-421 // 
            
            
            
            NVD: CVE-2014-0671

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0671
Trust: 1.7
url:http://www.securityfocus.com/bid/65055
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32517
Trust: 1.1
url:http://osvdb.org/102341
Trust: 1.1
url:http://www.securitytracker.com/id/1029669
Trust: 1.1
url:http://secunia.com/advisories/56544
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90617
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0671
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0671
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-68164 // 
            
            
            
            BID: 65055 // 
            
            
            
            JVNDB: JVNDB-2014-001226 // 
            
            
            
            CNNVD: CNNVD-201401-421 // 
            
            
            
            NVD: CVE-2014-0671

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 65055

SOURCES
db:VULHUBid:VHN-68164
db:BIDid:65055
db:JVNDBid:JVNDB-2014-001226
db:CNNVDid:CNNVD-201401-421
db:NVDid:CVE-2014-0671

LAST UPDATE DATE
2024-11-23T22:23:11.871000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68164date:2017-08-29T00:00:00
db:BIDid:65055date:2014-01-24T00:32:00
db:JVNDBid:JVNDB-2014-001226date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-421date:2014-01-24T00:00:00
db:NVDid:CVE-2014-0671date:2024-11-21T02:02:37.920

SOURCES RELEASE DATE
db:VULHUBid:VHN-68164date:2014-01-22T00:00:00
db:BIDid:65055date:2014-01-21T00:00:00
db:JVNDBid:JVNDB-2014-001226date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-421date:2014-01-24T00:00:00
db:NVDid:CVE-2014-0671date:2014-01-22T05:22:20.767