ID

VAR-201407-0387


CVE

CVE-2014-3324


TITLE

Cross-site scripting vulnerability in the login page of the management web interface of Cisco TelePresence Server Software

Trust: 0.8

sources: JVNDB: JVNDB-2014-003590

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCup90060. Cisco TelePresence Server Software is Cisco's "TelePresence" video conferencing solution. It provides components such as audio and video spaces that give remote participants a "face-to-face" virtual meeting room effect.

Trust: 1.98

sources: NVD: CVE-2014-3324 // JVNDB: JVNDB-2014-003590 // BID: 68885 // VULHUB: VHN-71264

AFFECTED PRODUCTS

vendor: cisco // model: telepresence server software // scope: eq // version: 3.1(1.98)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 4.0(2.8)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.24)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 4.0(1.57)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 4.0(2.8)

Trust: 0.8

sources: JVNDB: JVNDB-2014-003590 // CNNVD: CNNVD-201407-628 // NVD: CVE-2014-3324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3324
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3324
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-628
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71264
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3324
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71264
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71264 // JVNDB: JVNDB-2014-003590 // CNNVD: CNNVD-201407-628 // NVD: CVE-2014-3324

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-71264 // JVNDB: JVNDB-2014-003590 // NVD: CVE-2014-3324

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-628

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201407-628

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003590

PATCH

title: Cisco TelePresence Management Interface Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324

Trust: 0.8

title: 35031 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=35031

Trust: 0.8

sources: JVNDB: JVNDB-2014-003590

EXTERNAL IDS

db: NVD // id: CVE-2014-3324

Trust: 2.8

db: SECUNIA // id: 60456

Trust: 1.7

db: BID // id: 68885

Trust: 1.4

db: SECTRACK // id: 1030640

Trust: 1.1

db: JVNDB // id: JVNDB-2014-003590

Trust: 0.8

db: CNNVD // id: CNNVD-201407-628

Trust: 0.7

db: VULHUB // id: VHN-71264

Trust: 0.1

sources: VULHUB: VHN-71264 // BID: 68885 // JVNDB: JVNDB-2014-003590 // CNNVD: CNNVD-201407-628 // NVD: CVE-2014-3324

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3324

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=35031

Trust: 1.7

url:http://secunia.com/advisories/60456

Trust: 1.7

url:http://www.securityfocus.com/bid/68885

Trust: 1.1

url:http://www.securitytracker.com/id/1030640

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94847

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3324

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3324

Trust: 0.8

url:www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-71264 // BID: 68885 // JVNDB: JVNDB-2014-003590 // CNNVD: CNNVD-201407-628 // NVD: CVE-2014-3324

CREDITS

Cisco

Trust: 0.3

sources: BID: 68885

SOURCES

db: VULHUB // id: VHN-71264
db: BID // id: 68885
db: JVNDB // id: JVNDB-2014-003590
db: CNNVD // id: CNNVD-201407-628
db: NVD // id: CVE-2014-3324

LAST UPDATE DATE

2024-11-23T23:05:46.364000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-71264 // date: 2017-08-29T00:00:00
db: BID // id: 68885 // date: 2014-07-24T00:00:00
db: JVNDB // id: JVNDB-2014-003590 // date: 2014-07-29T00:00:00
db: CNNVD // id: CNNVD-201407-628 // date: 2014-07-28T00:00:00
db: NVD // id: CVE-2014-3324 // date: 2024-11-21T02:07:52.100

SOURCES RELEASE DATE

db: VULHUB // id: VHN-71264 // date: 2014-07-26T00:00:00
db: BID // id: 68885 // date: 2014-07-24T00:00:00
db: JVNDB // id: JVNDB-2014-003590 // date: 2014-07-29T00:00:00
db: CNNVD // id: CNNVD-201407-628 // date: 2014-07-28T00:00:00
db: NVD // id: CVE-2014-3324 // date: 2014-07-26T11:11:57.177