Sign-up

ID

VAR-201407-0389


CVE

CVE-2014-3326


TITLE

Cisco Security Manager of Web In the framework SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-003591

DESCRIPTION

SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCup26957

Trust: 1.98

sources: NVD: CVE-2014-3326 // JVNDB: JVNDB-2014-003591 // BID: 68877 // VULHUB: VHN-71266

AFFECTED PRODUCTS

vendor:ciscomodel:security managerscope:eqversion:4.5

Trust: 2.4

vendor:ciscomodel:security managerscope:eqversion:4.6

Trust: 2.4

sources: JVNDB: JVNDB-2014-003591 // CNNVD: CNNVD-201407-629 // NVD: CVE-2014-3326

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3326
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3326
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-629
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71266
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3326
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71266
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71266 // JVNDB: JVNDB-2014-003591 // CNNVD: CNNVD-201407-629 // NVD: CVE-2014-3326

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-71266 // JVNDB: JVNDB-2014-003591 // NVD: CVE-2014-3326

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-629

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201407-629

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003591

PATCH
title:Cisco Security Manager SQL Injection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326
Trust: 0.8
title:35029url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35029
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003591

EXTERNAL IDS
db:NVDid:CVE-2014-3326
Trust: 2.8
db:SECUNIAid:60455
Trust: 1.7
db:BIDid:68877
Trust: 1.4
db:SECTRACKid:1030639
Trust: 1.1
db:JVNDBid:JVNDB-2014-003591
Trust: 0.8
db:CNNVDid:CNNVD-201407-629
Trust: 0.7
db:VULHUBid:VHN-71266
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71266 // 
            
            
            
            BID: 68877 // 
            
            
            
            JVNDB: JVNDB-2014-003591 // 
            
            
            
            CNNVD: CNNVD-201407-629 // 
            
            
            
            NVD: CVE-2014-3326

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3326
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=35029
Trust: 1.7
url:http://secunia.com/advisories/60455
Trust: 1.7
url:http://www.securityfocus.com/bid/68877
Trust: 1.1
url:http://www.securitytracker.com/id/1030639
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94841
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3326
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3326
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71266 // 
            
            
            
            BID: 68877 // 
            
            
            
            JVNDB: JVNDB-2014-003591 // 
            
            
            
            CNNVD: CNNVD-201407-629 // 
            
            
            
            NVD: CVE-2014-3326

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 68877

SOURCES
db:VULHUBid:VHN-71266
db:BIDid:68877
db:JVNDBid:JVNDB-2014-003591
db:CNNVDid:CNNVD-201407-629
db:NVDid:CVE-2014-3326

LAST UPDATE DATE
2024-11-23T22:38:57.036000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71266date:2017-08-29T00:00:00
db:BIDid:68877date:2014-07-24T00:00:00
db:JVNDBid:JVNDB-2014-003591date:2014-07-29T00:00:00
db:CNNVDid:CNNVD-201407-629date:2014-07-29T00:00:00
db:NVDid:CVE-2014-3326date:2024-11-21T02:07:52.350

SOURCES RELEASE DATE
db:VULHUBid:VHN-71266date:2014-07-26T00:00:00
db:BIDid:68877date:2014-07-24T00:00:00
db:JVNDBid:JVNDB-2014-003591date:2014-07-29T00:00:00
db:CNNVDid:CNNVD-201407-629date:2014-07-29T00:00:00
db:NVDid:CVE-2014-3326date:2014-07-26T11:11:57.223