ID

VAR-201404-0566


CVE

CVE-2014-2115


TITLE

Cisco Emergency Responder Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-02183 // CNNVD: CNNVD-201404-060

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. This vulnerability is released as Bug ID CSCun24250. A third party may be able to hijack the authentication of any user. Cisco Emergency Responder ensures that Cisco CallManager can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP). Exploiting the issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCun24250. The software provides features such as real-time location tracking database and caller's location

Trust: 2.52

sources: NVD: CVE-2014-2115 // JVNDB: JVNDB-2014-001909 // CNVD: CNVD-2014-02183 // BID: 66631 // VULHUB: VHN-70054

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02183

AFFECTED PRODUCTS

vendor: cisco, model: emergency responder, scope: lte, version: 8.6

Trust: 1.0

vendor: cisco, model: emergency responder, scope: -, version: -

Trust: 0.8

vendor: cisco, model: emergency responder software, scope: lte, version: 8.6

Trust: 0.8

vendor: cisco, model: emergency responder, scope: lt, version: 8.6

Trust: 0.6

vendor: cisco, model: emergency responder, scope: eq, version: 8.6

Trust: 0.6

sources: CNVD: CNVD-2014-02183 // JVNDB: JVNDB-2014-001909 // CNNVD: CNNVD-201404-060 // NVD: CVE-2014-2115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2115
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2115
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02183
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-060
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70054
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2115
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02183
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70054
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02183 // VULHUB: VHN-70054 // JVNDB: JVNDB-2014-001909 // CNNVD: CNNVD-201404-060 // NVD: CVE-2014-2115

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-70054 // JVNDB: JVNDB-2014-001909 // NVD: CVE-2014-2115

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-060

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201404-060

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001909

PATCH

title: Cisco Emergency Responder Cross-Site Request Forgery Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115

Trust: 0.8

title: 33643, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=33643

Trust: 0.8

sources: JVNDB: JVNDB-2014-001909

EXTERNAL IDS

db: NVD, id: CVE-2014-2115

Trust: 3.4

db: BID, id: 66631

Trust: 2.0

db: SECTRACK, id: 1030019

Trust: 1.1

db: JVNDB, id: JVNDB-2014-001909

Trust: 0.8

db: CNNVD, id: CNNVD-201404-060

Trust: 0.7

db: OSVDB, id: 105346

Trust: 0.6

db: CNVD, id: CNVD-2014-02183

Trust: 0.6

db: CISCO, id: 20140403 CISCO EMERGENCY RESPONDER CROSS-SITE REQUEST FORGERY VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-70054

Trust: 0.1

sources: CNVD: CNVD-2014-02183 // VULHUB: VHN-70054 // BID: 66631 // JVNDB: JVNDB-2014-001909 // CNNVD: CNNVD-201404-060 // NVD: CVE-2014-2115

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2115

Trust: 2.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=33643

Trust: 1.7

url:http://www.securityfocus.com/bid/66631

Trust: 1.1

url:http://www.securitytracker.com/id/1030019

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2115

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2115

Trust: 0.8

url:http://osvdb.com/show/osvdb/105346

Trust: 0.6

url:http://www.cisco.com

Trust: 0.3

sources: CNVD: CNVD-2014-02183 // VULHUB: VHN-70054 // BID: 66631 // JVNDB: JVNDB-2014-001909 // CNNVD: CNNVD-201404-060 // NVD: CVE-2014-2115

CREDITS

Cisco

Trust: 0.3

sources: BID: 66631

SOURCES

db: CNVD, id: CNVD-2014-02183
db: VULHUB, id: VHN-70054
db: BID, id: 66631
db: JVNDB, id: JVNDB-2014-001909
db: CNNVD, id: CNNVD-201404-060
db: NVD, id: CVE-2014-2115

LAST UPDATE DATE

2024-11-23T21:45:11.090000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-02183, date: 2014-04-10T00:00:00
db: VULHUB, id: VHN-70054, date: 2015-09-16T00:00:00
db: BID, id: 66631, date: 2014-04-08T00:47:00
db: JVNDB, id: JVNDB-2014-001909, date: 2014-04-07T00:00:00
db: CNNVD, id: CNNVD-201404-060, date: 2014-04-10T00:00:00
db: NVD, id: CVE-2014-2115, date: 2024-11-21T02:05:40.880

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-02183, date: 2014-04-09T00:00:00
db: VULHUB, id: VHN-70054, date: 2014-04-04T00:00:00
db: BID, id: 66631, date: 2014-04-03T00:00:00
db: JVNDB, id: JVNDB-2014-001909, date: 2014-04-07T00:00:00
db: CNNVD, id: CNNVD-201404-060, date: 2014-04-10T00:00:00
db: NVD, id: CVE-2014-2115, date: 2014-04-04T15:10:37.387