ID

VAR-201404-0565


CVE

CVE-2014-2114


TITLE

Cisco Emergency Responder Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-02182 // CNNVD: CNNVD-201404-059

DESCRIPTION

Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. Cisco Emergency Responder ensures that Cisco CallManager can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCun24384. The software provides features such as real-time location tracking database and caller's location

Trust: 2.52

sources: NVD: CVE-2014-2114 // JVNDB: JVNDB-2014-001908 // CNVD: CNVD-2014-02182 // BID: 66635 // VULHUB: VHN-70053

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02182

AFFECTED PRODUCTS

vendor: cisco model: emergency responder scope: lte version: 8.6

Trust: 1.0

vendor: cisco model: emergency responder scope: - version: -

Trust: 0.8

vendor: cisco model: emergency responder software scope: lte version: 8.6

Trust: 0.8

vendor: cisco model: emergency responder scope: lt version: 8.6

Trust: 0.6

vendor: cisco model: emergency responder scope: eq version: 8.6

Trust: 0.6

sources: CNVD: CNVD-2014-02182 // JVNDB: JVNDB-2014-001908 // CNNVD: CNNVD-201404-059 // NVD: CVE-2014-2114

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2114
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2114
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02182
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-059
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70053
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2114
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02182
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70053
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02182 // VULHUB: VHN-70053 // JVNDB: JVNDB-2014-001908 // CNNVD: CNNVD-201404-059 // NVD: CVE-2014-2114

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-70053 // JVNDB: JVNDB-2014-001908 // NVD: CVE-2014-2114

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-059

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201404-059

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001908

PATCH

title: Cisco Emergency Responder Cross-Site Scripting Vulnerability url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114

Trust: 0.8

title: 33644 url: http://tools.cisco.com/security/center/viewAlert.x?alertId=33644

Trust: 0.8

sources: JVNDB: JVNDB-2014-001908

EXTERNAL IDS

db: NVD id: CVE-2014-2114

Trust: 3.4

db: BID id: 66635

Trust: 2.0

db: SECTRACK id: 1030019

Trust: 1.1

db: JVNDB id: JVNDB-2014-001908

Trust: 0.8

db: CNNVD id: CNNVD-201404-059

Trust: 0.7

db: OSVDB id: 105347

Trust: 0.6

db: CNVD id: CNVD-2014-02182

Trust: 0.6

db: CISCO id: 20140403 CISCO EMERGENCY RESPONDER CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: VULHUB id: VHN-70053

Trust: 0.1

sources: CNVD: CNVD-2014-02182 // VULHUB: VHN-70053 // BID: 66635 // JVNDB: JVNDB-2014-001908 // CNNVD: CNNVD-201404-059 // NVD: CVE-2014-2114

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2114

Trust: 2.3

url: http://tools.cisco.com/security/center/viewalert.x?alertid=33644

Trust: 1.7

url: http://www.securityfocus.com/bid/66635

Trust: 1.1

url: http://www.securitytracker.com/id/1030019

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2114

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2114

Trust: 0.8

url: http://osvdb.com/show/osvdb/105347

Trust: 0.6

sources: CNVD: CNVD-2014-02182 // VULHUB: VHN-70053 // JVNDB: JVNDB-2014-001908 // CNNVD: CNNVD-201404-059 // NVD: CVE-2014-2114

CREDITS

Cisco

Trust: 0.3

sources: BID: 66635

SOURCES

db: CNVD id: CNVD-2014-02182
db: VULHUB id: VHN-70053
db: BID id: 66635
db: JVNDB id: JVNDB-2014-001908
db: CNNVD id: CNNVD-201404-059
db: NVD id: CVE-2014-2114

LAST UPDATE DATE

2024-11-23T21:45:11.125000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2014-02182 date: 2014-04-10T00:00:00
db: VULHUB id: VHN-70053 date: 2015-09-16T00:00:00
db: BID id: 66635 date: 2014-04-08T02:57:00
db: JVNDB id: JVNDB-2014-001908 date: 2014-04-07T00:00:00
db: CNNVD id: CNNVD-201404-059 date: 2014-04-10T00:00:00
db: NVD id: CVE-2014-2114 date: 2024-11-21T02:05:40.683

SOURCES RELEASE DATE

db: CNVD id: CNVD-2014-02182 date: 2014-04-09T00:00:00
db: VULHUB id: VHN-70053 date: 2014-04-04T00:00:00
db: BID id: 66635 date: 2014-04-03T00:00:00
db: JVNDB id: JVNDB-2014-001908 date: 2014-04-07T00:00:00
db: CNNVD id: CNNVD-201404-059 date: 2014-04-10T00:00:00
db: NVD id: CVE-2014-2114 date: 2014-04-04T15:10:20.293