ID

VAR-201405-0362


CVE

CVE-2014-3267


TITLE

Cross-site request forgery vulnerability in the web framework of Cisco Security Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-002646

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected user. Other attacks are also possible. This issue is being tracked by Cisco bug IDs CSCuo46427 and CSCup26931. Cisco Security Manager (CSM) is a set of enterprise-level management applications from Cisco, mainly used to configure firewall, VPN and intrusion prevention security services on Cisco network and security devices.

Trust: 1.98

sources: NVD: CVE-2014-3267 // JVNDB: JVNDB-2014-002646 // BID: 67550 // VULHUB: VHN-71207

AFFECTED PRODUCTS

vendor: cisco, model: security manager, scope: lte, version: 4.6

Trust: 1.8

vendor: cisco, model: security manager, scope: eq, version: 4.0

Trust: 1.6

vendor: cisco, model: security manager, scope: eq, version: 4.0.1

Trust: 1.6

vendor: cisco, model: security manager, scope: eq, version: 4.2

Trust: 1.6

vendor: cisco, model: security manager, scope: eq, version: 4.1

Trust: 1.6

vendor: cisco, model: security manager, scope: eq, version: 4.3

Trust: 1.0

vendor: cisco, model: security manager, scope: eq, version: 4.4

Trust: 1.0

vendor: cisco, model: security manager, scope: eq, version: 4.5

Trust: 1.0

sources: JVNDB: JVNDB-2014-002646 // CNNVD: CNNVD-201405-472 // NVD: CVE-2014-3267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3267
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3267
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-472
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71207
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3267
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71207
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71207 // JVNDB: JVNDB-2014-002646 // CNNVD: CNNVD-201405-472 // NVD: CVE-2014-3267

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-71207 // JVNDB: JVNDB-2014-002646 // NVD: CVE-2014-3267

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-472

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201405-472

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002646

PATCH

title: Cisco Security Manager Cross-Site Request Forgery Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3267

Trust: 0.8

title: 34325, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34325

Trust: 0.8

sources: JVNDB: JVNDB-2014-002646

EXTERNAL IDS

db: NVD, id: CVE-2014-3267

Trust: 2.8

db: SECTRACK, id: 1030271

Trust: 1.1

db: JVNDB, id: JVNDB-2014-002646

Trust: 0.8

db: CNNVD, id: CNNVD-201405-472

Trust: 0.7

db: CISCO, id: 20140521 CISCO SECURITY MANAGER CROSS-SITE REQUEST FORGERY VULNERABILITY

Trust: 0.6

db: BID, id: 67550

Trust: 0.4

db: VULHUB, id: VHN-71207

Trust: 0.1

sources: VULHUB: VHN-71207 // BID: 67550 // JVNDB: JVNDB-2014-002646 // CNNVD: CNNVD-201405-472 // NVD: CVE-2014-3267

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3267

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34325

Trust: 1.7

url:http://www.securitytracker.com/id/1030271

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3267

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3267

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-71207 // BID: 67550 // JVNDB: JVNDB-2014-002646 // CNNVD: CNNVD-201405-472 // NVD: CVE-2014-3267

CREDITS

Cisco

Trust: 0.3

sources: BID: 67550

SOURCES

db: VULHUB, id: VHN-71207
db: BID, id: 67550
db: JVNDB, id: JVNDB-2014-002646
db: CNNVD, id: CNNVD-201405-472
db: NVD, id: CVE-2014-3267

LAST UPDATE DATE

2024-11-23T22:52:52.313000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71207, date: 2016-09-07T00:00:00
db: BID, id: 67550, date: 2014-07-22T06:19:00
db: JVNDB, id: JVNDB-2014-002646, date: 2014-05-28T00:00:00
db: CNNVD, id: CNNVD-201405-472, date: 2014-05-28T00:00:00
db: NVD, id: CVE-2014-3267, date: 2024-11-21T02:07:45.560

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71207, date: 2014-05-26T00:00:00
db: BID, id: 67550, date: 2014-05-21T00:00:00
db: JVNDB, id: JVNDB-2014-002646, date: 2014-05-28T00:00:00
db: CNNVD, id: CNNVD-201405-472, date: 2014-05-28T00:00:00
db: NVD, id: CVE-2014-3267, date: 2014-05-26T00:25:31.330