ID

VAR-201403-0464


CVE

CVE-2014-2118


TITLE

Cisco Prime Security Manager dashboard-related HTML document cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001832

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCun50687. Cisco Prime Security Manager (PRSM) is a multi-device management platform for ASA-CX developed by Cisco. The platform can add multiple ASA CX devices to PRSM's device inventory and apply security policies to those devices.

Trust: 1.98

sources: NVD: CVE-2014-2118 // JVNDB: JVNDB-2014-001832 // BID: 66488 // VULHUB: VHN-70057

AFFECTED PRODUCTS

vendor: cisco // model: prime security manager // scope: eq // version: 9.2

Trust: 1.6

vendor: cisco // model: prime security manager // scope: eq // version: 9.1.2-29

Trust: 1.6

vendor: cisco // model: prime security manager // scope: eq // version: 9.2.1-1

Trust: 1.6

vendor: cisco // model: prime security manager // scope: eq // version: 9.1.3-10

Trust: 1.6

vendor: cisco // model: prime security manager // scope: eq // version: 9.1.3-13

Trust: 1.6

vendor: cisco // model: prime security manager // scope: eq // version: 9.1.3-8

Trust: 1.6

vendor: cisco // model: prime security manager // scope: eq // version: 9.0

Trust: 1.6

vendor: cisco // model: prime security manager // scope: eq // version: 9.1.2-42

Trust: 1.6

vendor: cisco // model: prime security manager // scope: eq // version: 9.1

Trust: 1.6

vendor: cisco // model: prime security manager // scope: lte // version: 9.2.1-2

Trust: 1.0

vendor: cisco // model: prime security manager // scope: lte // version: 9.2(.1-2)

Trust: 0.8

vendor: cisco // model: prime security manager // scope: eq // version: 9.2.1-2

Trust: 0.6

sources: JVNDB: JVNDB-2014-001832 // CNNVD: CNNVD-201403-513 // NVD: CVE-2014-2118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2118
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2118
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201403-513
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70057
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2118
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70057
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70057 // JVNDB: JVNDB-2014-001832 // CNNVD: CNNVD-201403-513 // NVD: CVE-2014-2118

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-70057 // JVNDB: JVNDB-2014-001832 // NVD: CVE-2014-2118

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-513

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201403-513

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001832

PATCH

title: Cisco Prime Security Manager Cross-Site Scripting Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118

Trust: 0.8

title: 33542 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=33542

Trust: 0.8

sources: JVNDB: JVNDB-2014-001832

EXTERNAL IDS

db: NVD // id: CVE-2014-2118

Trust: 2.8

db: BID // id: 66488

Trust: 1.4

db: SECTRACK // id: 1029968

Trust: 1.1

db: JVNDB // id: JVNDB-2014-001832

Trust: 0.8

db: CNNVD // id: CNNVD-201403-513

Trust: 0.7

db: CISCO // id: 20140327 CISCO PRIME SECURITY MANAGER CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: SEEBUG // id: SSVID-61984

Trust: 0.1

db: VULHUB // id: VHN-70057

Trust: 0.1

sources: VULHUB: VHN-70057 // BID: 66488 // JVNDB: JVNDB-2014-001832 // CNNVD: CNNVD-201403-513 // NVD: CVE-2014-2118

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2118

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=33542

Trust: 1.7

url:http://www.securityfocus.com/bid/66488

Trust: 1.1

url:http://www.securitytracker.com/id/1029968

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2118

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2118

Trust: 0.8

url:www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-70057 // BID: 66488 // JVNDB: JVNDB-2014-001832 // CNNVD: CNNVD-201403-513 // NVD: CVE-2014-2118

CREDITS

Cisco

Trust: 0.3

sources: BID: 66488

SOURCES

db: VULHUB // id: VHN-70057
db: BID // id: 66488
db: JVNDB // id: JVNDB-2014-001832
db: CNNVD // id: CNNVD-201403-513
db: NVD // id: CVE-2014-2118

LAST UPDATE DATE

2024-11-23T22:18:38.226000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-70057 // date: 2015-09-16T00:00:00
db: BID // id: 66488 // date: 2015-03-19T08:20:00
db: JVNDB // id: JVNDB-2014-001832 // date: 2014-03-31T00:00:00
db: CNNVD // id: CNNVD-201403-513 // date: 2014-03-28T00:00:00
db: NVD // id: CVE-2014-2118 // date: 2024-11-21T02:05:41.240

SOURCES RELEASE DATE

db: VULHUB // id: VHN-70057 // date: 2014-03-27T00:00:00
db: BID // id: 66488 // date: 2014-03-27T00:00:00
db: JVNDB // id: JVNDB-2014-001832 // date: 2014-03-31T00:00:00
db: CNNVD // id: CNNVD-201403-513 // date: 2014-03-28T00:00:00
db: NVD // id: CVE-2014-2118 // date: 2014-03-27T21:55:09.127