Sign-up

ID

VAR-201407-0378


CVE

CVE-2014-3315


TITLE

Cisco Unified Communications Manager of Dialed Number Analyzer Component cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-003309

DESCRIPTION

Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. Vendors have confirmed this vulnerability Bug ID CSCup76308 It is released as.By any third party through unspecified parameters Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCup76308. Dialed Number Analyzer (DNA) is one of the serviceability tools used to analyze dial plans for specific numbers

Trust: 1.98

sources: NVD: CVE-2014-3315 // JVNDB: JVNDB-2014-003309 // BID: 68477 // VULHUB: VHN-71255

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:10.0\(1\)_base

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:10.0(1)

Trust: 0.8

vendor:ciscomodel:unified communications managerscope: - version: -

Trust: 0.6

sources: JVNDB: JVNDB-2014-003309 // CNNVD: CNNVD-201407-255 // NVD: CVE-2014-3315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3315
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3315
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-255
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71255
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3315
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71255
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71255 // JVNDB: JVNDB-2014-003309 // CNNVD: CNNVD-201407-255 // NVD: CVE-2014-3315

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-71255 // JVNDB: JVNDB-2014-003309 // NVD: CVE-2014-3315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-255

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201407-255

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003309

PATCH
title:Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315
Trust: 0.8
title:34900url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34900
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003309

EXTERNAL IDS
db:NVDid:CVE-2014-3315
Trust: 2.8
db:BIDid:68477
Trust: 1.4
db:SECUNIAid:59739
Trust: 1.1
db:JVNDBid:JVNDB-2014-003309
Trust: 0.8
db:CNNVDid:CNNVD-201407-255
Trust: 0.7
db:VULHUBid:VHN-71255
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71255 // 
            
            
            
            BID: 68477 // 
            
            
            
            JVNDB: JVNDB-2014-003309 // 
            
            
            
            CNNVD: CNNVD-201407-255 // 
            
            
            
            NVD: CVE-2014-3315

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3315
Trust: 1.7
url:http://www.securityfocus.com/bid/68477
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=34900
Trust: 1.1
url:http://secunia.com/advisories/59739
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94430
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3315
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3315
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71255 // 
            
            
            
            BID: 68477 // 
            
            
            
            JVNDB: JVNDB-2014-003309 // 
            
            
            
            CNNVD: CNNVD-201407-255 // 
            
            
            
            NVD: CVE-2014-3315

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 68477

SOURCES
db:VULHUBid:VHN-71255
db:BIDid:68477
db:JVNDBid:JVNDB-2014-003309
db:CNNVDid:CNNVD-201407-255
db:NVDid:CVE-2014-3315

LAST UPDATE DATE
2024-11-23T23:09:22.684000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71255date:2017-08-29T00:00:00
db:BIDid:68477date:2014-07-14T00:57:00
db:JVNDBid:JVNDB-2014-003309date:2014-07-11T00:00:00
db:CNNVDid:CNNVD-201407-255date:2014-07-11T00:00:00
db:NVDid:CVE-2014-3315date:2024-11-21T02:07:51.037

SOURCES RELEASE DATE
db:VULHUBid:VHN-71255date:2014-07-10T00:00:00
db:BIDid:68477date:2014-07-09T00:00:00
db:JVNDBid:JVNDB-2014-003309date:2014-07-11T00:00:00
db:CNNVDid:CNNVD-201407-255date:2014-07-11T00:00:00
db:NVDid:CVE-2014-3315date:2014-07-10T11:06:27.973