ID

VAR-201412-0274


CVE

CVE-2014-3364


TITLE

Cross-site scripting vulnerability in the web framework of Cisco Prime Security Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-007390

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuq80661. The platform can add multiple ASA CX devices to PRSM's device inventory and apply security policies to those devices.

Trust: 1.98

sources: NVD: CVE-2014-3364 // JVNDB: JVNDB-2014-007390 // BID: 71669 // VULHUB: VHN-71304

AFFECTED PRODUCTS

vendor:cisco, model:prime security manager, scope:lte, version:9.2.1-2

Trust: 1.8

vendor:cisco, model:prime security manager, scope:eq, version:9.2.1-2

Trust: 0.6

sources: JVNDB: JVNDB-2014-007390 // CNNVD: CNNVD-201412-331 // NVD: CVE-2014-3364

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3364
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3364
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-331
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71304
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3364
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71304
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71304 // JVNDB: JVNDB-2014-007390 // CNNVD: CNNVD-201412-331 // NVD: CVE-2014-3364

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-71304 // JVNDB: JVNDB-2014-007390 // NVD: CVE-2014-3364

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-331

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201412-331

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007390

PATCH

title:Cisco Prime Security Manager Cross-Site Scripting Vulnerability, url:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364

Trust: 0.8

title:36741, url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36741

Trust: 0.8

sources: JVNDB: JVNDB-2014-007390

EXTERNAL IDS

db:NVD, id:CVE-2014-3364

Trust: 2.8

db:BID, id:71669

Trust: 1.0

db:JVNDB, id:JVNDB-2014-007390

Trust: 0.8

db:CNNVD, id:CNNVD-201412-331

Trust: 0.7

db:VULHUB, id:VHN-71304

Trust: 0.1

sources: VULHUB: VHN-71304 // BID: 71669 // JVNDB: JVNDB-2014-007390 // CNNVD: CNNVD-201412-331 // NVD: CVE-2014-3364

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3364

Trust: 2.0

url:http://tools.cisco.com/security/center/viewalert.x?alertid=36741

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3364

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3364

Trust: 0.8

url:http://www.securityfocus.com/bid/71669

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-71304 // BID: 71669 // JVNDB: JVNDB-2014-007390 // CNNVD: CNNVD-201412-331 // NVD: CVE-2014-3364

CREDITS

Cisco

Trust: 0.9

sources: BID: 71669 // CNNVD: CNNVD-201412-331

SOURCES

db:VULHUB, id:VHN-71304
db:BID, id:71669
db:JVNDB, id:JVNDB-2014-007390
db:CNNVD, id:CNNVD-201412-331
db:NVD, id:CVE-2014-3364

LAST UPDATE DATE

2024-11-23T22:08:11.860000+00:00


SOURCES UPDATE DATE

db:VULHUB, id:VHN-71304, date:2014-12-16T00:00:00
db:BID, id:71669, date:2015-03-19T09:26:00
db:JVNDB, id:JVNDB-2014-007390, date:2014-12-25T00:00:00
db:CNNVD, id:CNNVD-201412-331, date:2014-12-16T00:00:00
db:NVD, id:CVE-2014-3364, date:2024-11-21T02:07:56.880

SOURCES RELEASE DATE

db:VULHUB, id:VHN-71304, date:2014-12-13T00:00:00
db:BID, id:71669, date:2014-12-12T00:00:00
db:JVNDB, id:JVNDB-2014-007390, date:2014-12-25T00:00:00
db:CNNVD, id:CNNVD-201412-331, date:2014-12-15T00:00:00
db:NVD, id:CVE-2014-3364, date:2014-12-13T00:59:00.070