ID

VAR-201410-0999


CVE

CVE-2014-3375


TITLE

Cisco Unified Communications Manager Server CCM Service Interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-005164

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq90597. Cisco Unified Communications Manager provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2014-3375 // JVNDB: JVNDB-2014-005164 // BID: 70850 // VULHUB: VHN-71315

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lte, version: 9.1(2.10000.28)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2014-005164 // CNNVD: CNNVD-201410-1437 // NVD: CVE-2014-3375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3375
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3375
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201410-1437
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71315
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3375
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71315
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71315 // JVNDB: JVNDB-2014-005164 // CNNVD: CNNVD-201410-1437 // NVD: CVE-2014-3375

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-71315 // JVNDB: JVNDB-2014-005164 // NVD: CVE-2014-3375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-1437

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201410-1437

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005164

PATCH

title: Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375

Trust: 0.8

title: 36297, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=36297

Trust: 0.8

sources: JVNDB: JVNDB-2014-005164

EXTERNAL IDS

db: NVD, id: CVE-2014-3375

Trust: 2.8

db: BID, id: 70850

Trust: 1.4

db: SECUNIA, id: 61025

Trust: 1.1

db: SECTRACK, id: 1031163

Trust: 1.1

db: JVNDB, id: JVNDB-2014-005164

Trust: 0.8

db: CNNVD, id: CNNVD-201410-1437

Trust: 0.7

db: VULHUB, id: VHN-71315

Trust: 0.1

sources: VULHUB: VHN-71315 // BID: 70850 // JVNDB: JVNDB-2014-005164 // CNNVD: CNNVD-201410-1437 // NVD: CVE-2014-3375

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3375

Trust: 1.7

url:http://www.securityfocus.com/bid/70850

Trust: 1.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=36297

Trust: 1.1

url:http://www.securitytracker.com/id/1031163

Trust: 1.1

url:http://secunia.com/advisories/61025

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98408

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3375

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3375

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-71315 // BID: 70850 // JVNDB: JVNDB-2014-005164 // CNNVD: CNNVD-201410-1437 // NVD: CVE-2014-3375

CREDITS

Cisco

Trust: 0.3

sources: BID: 70850

SOURCES

db: VULHUB, id: VHN-71315
db: BID, id: 70850
db: JVNDB, id: JVNDB-2014-005164
db: CNNVD, id: CNNVD-201410-1437
db: NVD, id: CVE-2014-3375

LAST UPDATE DATE

2024-11-23T22:56:32.118000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71315, date: 2017-08-29T00:00:00
db: BID, id: 70850, date: 2014-10-30T00:00:00
db: JVNDB, id: JVNDB-2014-005164, date: 2014-11-04T00:00:00
db: CNNVD, id: CNNVD-201410-1437, date: 2014-11-02T00:00:00
db: NVD, id: CVE-2014-3375, date: 2024-11-21T02:07:58.057

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71315, date: 2014-10-31T00:00:00
db: BID, id: 70850, date: 2014-10-30T00:00:00
db: JVNDB, id: JVNDB-2014-005164, date: 2014-11-04T00:00:00
db: CNNVD, id: CNNVD-201410-1437, date: 2014-10-31T00:00:00
db: NVD, id: CVE-2014-3375, date: 2014-10-31T10:55:02.237