Sign-up

ID

VAR-201412-0292


CVE

CVE-2014-8007


TITLE

Cisco Prime Infrastructure In device-discovery Password read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007371

DESCRIPTION

Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019. Cisco Prime Infrastructure Is device-discovery A vulnerability that allows passwords to be read exists. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue being tracked by Cisco Bug ID CSCum00019

Trust: 1.98

sources: NVD: CVE-2014-8007 // JVNDB: JVNDB-2014-007371 // BID: 71763 // VULHUB: VHN-75952

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime infrastructurescope:eqversion:2.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2014-007371 // CNNVD: CNNVD-201412-451 // NVD: CVE-2014-8007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8007
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8007
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-451
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75952
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8007
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75952
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75952 // JVNDB: JVNDB-2014-007371 // CNNVD: CNNVD-201412-451 // NVD: CVE-2014-8007

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-75952 // JVNDB: JVNDB-2014-007371 // NVD: CVE-2014-8007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-451

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-451

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007371

PATCH
title:Cisco Prime Infrastructure Device Discovery Password Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8007
Trust: 0.8
title:36845url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36845
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007371

EXTERNAL IDS
db:NVDid:CVE-2014-8007
Trust: 2.8
db:SECTRACKid:1031416
Trust: 1.1
db:JVNDBid:JVNDB-2014-007371
Trust: 0.8
db:CNNVDid:CNNVD-201412-451
Trust: 0.7
db:BIDid:71763
Trust: 0.4
db:VULHUBid:VHN-75952
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75952 // 
            
            
            
            BID: 71763 // 
            
            
            
            JVNDB: JVNDB-2014-007371 // 
            
            
            
            CNNVD: CNNVD-201412-451 // 
            
            
            
            NVD: CVE-2014-8007

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8007
Trust: 1.7
url:http://www.securitytracker.com/id/1031416
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8007
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8007
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75952 // 
            
            
            
            BID: 71763 // 
            
            
            
            JVNDB: JVNDB-2014-007371 // 
            
            
            
            CNNVD: CNNVD-201412-451 // 
            
            
            
            NVD: CVE-2014-8007

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71763

SOURCES
db:VULHUBid:VHN-75952
db:BIDid:71763
db:JVNDBid:JVNDB-2014-007371
db:CNNVDid:CNNVD-201412-451
db:NVDid:CVE-2014-8007

LAST UPDATE DATE
2024-11-23T22:38:54.244000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75952date:2017-01-03T00:00:00
db:BIDid:71763date:2014-12-24T00:58:00
db:JVNDBid:JVNDB-2014-007371date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-451date:2014-12-24T00:00:00
db:NVDid:CVE-2014-8007date:2024-11-21T02:18:25.127

SOURCES RELEASE DATE
db:VULHUBid:VHN-75952date:2014-12-20T00:00:00
db:BIDid:71763date:2014-12-19T00:00:00
db:JVNDBid:JVNDB-2014-007371date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-451date:2014-12-23T00:00:00
db:NVDid:CVE-2014-8007date:2014-12-20T00:59:01.290