Sign-up

ID

VAR-201404-0567


CVE

CVE-2014-2116


TITLE

Cisco Emergency Responder In Web Page insertion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001910

DESCRIPTION

Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. The Cisco Emergency Responder (ER) enhances the emergency call capabilities of Cisco CallManager. It ensures that Cisco Callmanager can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP). An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID CSCun37882. The software provides features such as real-time location tracking database and caller's location

Trust: 2.52

sources: NVD: CVE-2014-2116 // JVNDB: JVNDB-2014-001910 // CNVD: CNVD-2014-02185 // BID: 66632 // VULHUB: VHN-70055

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02185

AFFECTED PRODUCTS

vendor:ciscomodel:emergency responderscope:lteversion:8.6

Trust: 1.0

vendor:ciscomodel:emergency responderscope: - version: -

Trust: 0.8

vendor:ciscomodel:emergency responder softwarescope:lteversion:8.6

Trust: 0.8

vendor:ciscomodel:emergency responderscope:ltversion:8.6

Trust: 0.6

vendor:ciscomodel:emergency responderscope:eqversion:8.6

Trust: 0.6

sources: CNVD: CNVD-2014-02185 // JVNDB: JVNDB-2014-001910 // CNNVD: CNNVD-201404-061 // NVD: CVE-2014-2116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2116
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2116
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02185
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-061
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70055
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2116
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02185
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70055
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02185 // VULHUB: VHN-70055 // JVNDB: JVNDB-2014-001910 // CNNVD: CNNVD-201404-061 // NVD: CVE-2014-2116

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-70055 // JVNDB: JVNDB-2014-001910 // NVD: CVE-2014-2116

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-061

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201404-061

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001910

PATCH
title:Cisco Emergency Responder Dynamic Content Modification Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116
Trust: 0.8
title:33641url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33641
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001910

EXTERNAL IDS
db:NVDid:CVE-2014-2116
Trust: 3.4
db:BIDid:66632
Trust: 2.0
db:SECTRACKid:1030019
Trust: 1.1
db:JVNDBid:JVNDB-2014-001910
Trust: 0.8
db:CNNVDid:CNNVD-201404-061
Trust: 0.7
db:OSVDBid:105348
Trust: 0.6
db:CNVDid:CNVD-2014-02185
Trust: 0.6
db:CISCOid:20140403 CISCO EMERGENCY RESPONDER DYNAMIC CONTENT MODIFICATION VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-70055
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-02185 // 
            
            
            
            VULHUB: VHN-70055 // 
            
            
            
            BID: 66632 // 
            
            
            
            JVNDB: JVNDB-2014-001910 // 
            
            
            
            CNNVD: CNNVD-201404-061 // 
            
            
            
            NVD: CVE-2014-2116

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2116
Trust: 2.3
url:http://www.securityfocus.com/bid/66632
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=33641
Trust: 1.7
url:http://www.securitytracker.com/id/1030019
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2116
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2116
Trust: 0.8
url:http://osvdb.com/show/osvdb/105348
Trust: 0.6
url:www.cisco.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-02185 // 
            
            
            
            VULHUB: VHN-70055 // 
            
            
            
            BID: 66632 // 
            
            
            
            JVNDB: JVNDB-2014-001910 // 
            
            
            
            CNNVD: CNNVD-201404-061 // 
            
            
            
            NVD: CVE-2014-2116

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 66632

SOURCES
db:CNVDid:CNVD-2014-02185
db:VULHUBid:VHN-70055
db:BIDid:66632
db:JVNDBid:JVNDB-2014-001910
db:CNNVDid:CNNVD-201404-061
db:NVDid:CVE-2014-2116

LAST UPDATE DATE
2024-11-23T21:45:11.160000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-02185date:2014-04-10T00:00:00
db:VULHUBid:VHN-70055date:2015-09-16T00:00:00
db:BIDid:66632date:2014-04-08T00:57:00
db:JVNDBid:JVNDB-2014-001910date:2014-04-07T00:00:00
db:CNNVDid:CNNVD-201404-061date:2014-04-10T00:00:00
db:NVDid:CVE-2014-2116date:2024-11-21T02:05:41.003

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-02185date:2014-04-09T00:00:00
db:VULHUBid:VHN-70055date:2014-04-04T00:00:00
db:BIDid:66632date:2014-04-03T00:00:00
db:JVNDBid:JVNDB-2014-001910date:2014-04-07T00:00:00
db:CNNVDid:CNNVD-201404-061date:2014-04-10T00:00:00
db:NVDid:CVE-2014-2116date:2014-04-04T15:10:37.403