ID

VAR-201404-0569


CVE

CVE-2014-2125


TITLE

Cross-site scripting vulnerability in the Web Inbox of Cisco Unity Connection

Trust: 0.8

sources: JVNDB: JVNDB-2014-001893

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCui33028. Cisco Unity Connection (UC) is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages "hands-free".

Trust: 1.98

sources: NVD: CVE-2014-2125 // JVNDB: JVNDB-2014-001893 // BID: 66558 // VULHUB: VHN-70064

AFFECTED PRODUCTS

vendor: cisco // model: unity connection // scope: eq // version: 8.6\(2a\)

Trust: 1.6

vendor: cisco // model: unity connection // scope: eq // version: 8.6\(1a\)

Trust: 1.6

vendor: cisco // model: unity connection // scope: eq // version: 8.6

Trust: 1.6

vendor: cisco // model: unity connection // scope: lte // version: 8.6

Trust: 1.0

vendor: cisco // model: unity connection // scope: lte // version: 8.6(2a)su3

Trust: 0.8

sources: JVNDB: JVNDB-2014-001893 // CNNVD: CNNVD-201404-031 // NVD: CVE-2014-2125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2125
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2125
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201404-031
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70064
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2125
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70064
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70064 // JVNDB: JVNDB-2014-001893 // CNNVD: CNNVD-201404-031 // NVD: CVE-2014-2125

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-70064 // JVNDB: JVNDB-2014-001893 // NVD: CVE-2014-2125

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-031

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201404-031

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001893

PATCH

title: Cisco Unity Connection Cross-Site Scripting Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2125

Trust: 0.8

title: 33603 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=33603

Trust: 0.8

sources: JVNDB: JVNDB-2014-001893

EXTERNAL IDS

db: NVD // id: CVE-2014-2125

Trust: 2.8

db: SECTRACK // id: 1029988

Trust: 1.1

db: JVNDB // id: JVNDB-2014-001893

Trust: 0.8

db: CNNVD // id: CNNVD-201404-031

Trust: 0.7

db: CISCO // id: 20140401 CISCO UNITY CONNECTION CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: SECUNIA // id: 57581

Trust: 0.6

db: BID // id: 66558

Trust: 0.4

db: VULHUB // id: VHN-70064

Trust: 0.1

sources: VULHUB: VHN-70064 // BID: 66558 // JVNDB: JVNDB-2014-001893 // CNNVD: CNNVD-201404-031 // NVD: CVE-2014-2125

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2125

Trust: 2.0

url:http://tools.cisco.com/security/center/viewalert.x?alertid=33603

Trust: 1.7

url:http://www.securitytracker.com/id/1029988

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2125

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2125

Trust: 0.8

url:http://secunia.com/advisories/57581

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-70064 // BID: 66558 // JVNDB: JVNDB-2014-001893 // CNNVD: CNNVD-201404-031 // NVD: CVE-2014-2125

CREDITS

Cisco

Trust: 0.3

sources: BID: 66558

SOURCES

db: VULHUB // id: VHN-70064
db: BID // id: 66558
db: JVNDB // id: JVNDB-2014-001893
db: CNNVD // id: CNNVD-201404-031
db: NVD // id: CVE-2014-2125

LAST UPDATE DATE

2024-11-23T21:55:25.706000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-70064 // date: 2015-09-16T00:00:00
db: BID // id: 66558 // date: 2014-04-01T00:00:00
db: JVNDB // id: JVNDB-2014-001893 // date: 2014-04-03T00:00:00
db: CNNVD // id: CNNVD-201404-031 // date: 2014-04-03T00:00:00
db: NVD // id: CVE-2014-2125 // date: 2024-11-21T02:05:42.047

SOURCES RELEASE DATE

db: VULHUB // id: VHN-70064 // date: 2014-04-02T00:00:00
db: BID // id: 66558 // date: 2014-04-01T00:00:00
db: JVNDB // id: JVNDB-2014-001893 // date: 2014-04-03T00:00:00
db: CNNVD // id: CNNVD-201404-031 // date: 2014-04-03T00:00:00
db: NVD // id: CVE-2014-2125 // date: 2014-04-02T03:58:17.090