ID

VAR-201404-0568


CVE

CVE-2014-2117


TITLE

Cisco Emergency Responder Open redirect vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2014-001911 // CNNVD: CNNVD-201404-062

DESCRIPTION

Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909. Cisco Emergency Responder (ER) contains an open redirect vulnerability. Cisco Emergency Responder ensures that Cisco CallManager can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP). An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco Bug ID CSCun37909. The software provides features such as real-time location tracking database and caller's location

Trust: 2.52

sources: NVD: CVE-2014-2117 // JVNDB: JVNDB-2014-001911 // CNVD: CNVD-2014-02184 // BID: 66634 // VULHUB: VHN-70056

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02184

AFFECTED PRODUCTS

vendor: cisco, model: emergency responder, scope: lte, version: 8.6

Trust: 1.0

vendor: cisco, model: emergency responder, scope: -, version: -

Trust: 0.8

vendor: cisco, model: emergency responder software, scope: lte, version: 8.6

Trust: 0.8

vendor: cisco, model: emergency responder, scope: lt, version: 8.6

Trust: 0.6

vendor: cisco, model: emergency responder, scope: eq, version: 8.6

Trust: 0.6

sources: CNVD: CNVD-2014-02184 // JVNDB: JVNDB-2014-001911 // CNNVD: CNNVD-201404-062 // NVD: CVE-2014-2117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2117
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2117
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02184
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-062
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70056
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2117
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02184
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70056
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02184 // VULHUB: VHN-70056 // JVNDB: JVNDB-2014-001911 // CNNVD: CNNVD-201404-062 // NVD: CVE-2014-2117

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-70056 // JVNDB: JVNDB-2014-001911 // NVD: CVE-2014-2117

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-062

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201404-062

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001911

PATCH

title: Cisco Emergency Responder Open Redirect Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2117

Trust: 0.8

title: 33642, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=33642

Trust: 0.8

sources: JVNDB: JVNDB-2014-001911

EXTERNAL IDS

db: NVD, id: CVE-2014-2117

Trust: 3.4

db: BID, id: 66634

Trust: 2.0

db: SECTRACK, id: 1030019

Trust: 1.1

db: JVNDB, id: JVNDB-2014-001911

Trust: 0.8

db: CNNVD, id: CNNVD-201404-062

Trust: 0.7

db: OSVDB, id: 105345

Trust: 0.6

db: CNVD, id: CNVD-2014-02184

Trust: 0.6

db: CISCO, id: 20140403 CISCO EMERGENCY RESPONDER OPEN REDIRECT VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-70056

Trust: 0.1

sources: CNVD: CNVD-2014-02184 // VULHUB: VHN-70056 // BID: 66634 // JVNDB: JVNDB-2014-001911 // CNNVD: CNNVD-201404-062 // NVD: CVE-2014-2117

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2117

Trust: 2.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=33642

Trust: 1.7

url:http://www.securityfocus.com/bid/66634

Trust: 1.1

url:http://www.securitytracker.com/id/1030019

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2117

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2117

Trust: 0.8

url:http://osvdb.com/show/osvdb/105345

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2014-02184 // VULHUB: VHN-70056 // BID: 66634 // JVNDB: JVNDB-2014-001911 // CNNVD: CNNVD-201404-062 // NVD: CVE-2014-2117

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66634

SOURCES

db: CNVD, id: CNVD-2014-02184
db: VULHUB, id: VHN-70056
db: BID, id: 66634
db: JVNDB, id: JVNDB-2014-001911
db: CNNVD, id: CNNVD-201404-062
db: NVD, id: CVE-2014-2117

LAST UPDATE DATE

2024-11-23T21:45:11.194000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-02184, date: 2014-04-10T00:00:00
db: VULHUB, id: VHN-70056, date: 2015-09-16T00:00:00
db: BID, id: 66634, date: 2014-04-08T03:08:00
db: JVNDB, id: JVNDB-2014-001911, date: 2014-04-07T00:00:00
db: CNNVD, id: CNNVD-201404-062, date: 2014-04-09T00:00:00
db: NVD, id: CVE-2014-2117, date: 2024-11-21T02:05:41.123

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-02184, date: 2014-04-09T00:00:00
db: VULHUB, id: VHN-70056, date: 2014-04-04T00:00:00
db: BID, id: 66634, date: 2014-04-03T00:00:00
db: JVNDB, id: JVNDB-2014-001911, date: 2014-04-07T00:00:00
db: CNNVD, id: CNNVD-201404-062, date: 2014-04-09T00:00:00
db: NVD, id: CVE-2014-2117, date: 2014-04-04T15:10:37.450