Details of VAR-201405-0348

ID

VAR-201405-0348

CVE

CVE-2014-3275

TITLE

Cisco Identity Services Engine of Web In the framework SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002649

DESCRIPTION

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCul21337. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2014-3275 // JVNDB: JVNDB-2014-002649 // BID: 67555 // VULHUB: VHN-71215

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.0	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	lte	version:	1.2	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	lte	version:	1.2(.1 patch 2)	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2	Trust: 0.6

sources: JVNDB: JVNDB-2014-002649 // CNNVD: CNNVD-201405-475 // NVD: CVE-2014-3275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3275
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3275
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-475
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71215
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3275
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71215
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71215 // JVNDB: JVNDB-2014-002649 // CNNVD: CNNVD-201405-475 // NVD: CVE-2014-3275

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-71215 // JVNDB: JVNDB-2014-002649 // NVD: CVE-2014-3275

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-475

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201405-475

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002649

PATCH

title:	Cisco ISE Blind SQL Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275	Trust: 0.8
title:	34328	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34328	Trust: 0.8

sources: JVNDB: JVNDB-2014-002649

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3275	Trust: 2.8
db:	BID	id:	67555	Trust: 1.4
db:	SECTRACK	id:	1030273	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-002649	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-475	Trust: 0.7
db:	CISCO	id:	20140521 CISCO ISE BLIND SQL INJECTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71215	Trust: 0.1

sources: VULHUB: VHN-71215 // BID: 67555 // JVNDB: JVNDB-2014-002649 // CNNVD: CNNVD-201405-475 // NVD: CVE-2014-3275

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3275	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34328	Trust: 1.7
url:	http://www.securityfocus.com/bid/67555	Trust: 1.1
url:	http://www.securitytracker.com/id/1030273	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3275	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3275	Trust: 0.8
url:	www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-71215 // BID: 67555 // JVNDB: JVNDB-2014-002649 // CNNVD: CNNVD-201405-475 // NVD: CVE-2014-3275

CREDITS

Cisco

Trust: 0.3

sources: BID: 67555

SOURCES

db:	VULHUB	id:	VHN-71215
db:	BID	id:	67555
db:	JVNDB	id:	JVNDB-2014-002649
db:	CNNVD	id:	CNNVD-201405-475
db:	NVD	id:	CVE-2014-3275

LAST UPDATE DATE

2024-11-23T22:35:15.719000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71215	date:	2015-09-16T00:00:00
db:	BID	id:	67555	date:	2014-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-002649	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-475	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-3275	date:	2024-11-21T02:07:46.457

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71215	date:	2014-05-26T00:00:00
db:	BID	id:	67555	date:	2014-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-002649	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-475	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-3275	date:	2014-05-26T00:25:31.440