Details of VAR-201412-0295

ID

VAR-201412-0295

CVE

CVE-2014-8012

TITLE

Cisco Adaptive Security Appliance Software WebVPN Portal login page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007302

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuh24695

Trust: 2.07

sources: NVD: CVE-2014-8012 // JVNDB: JVNDB-2014-007302 // BID: 71723 // VULHUB: VHN-75957 // VULMON: CVE-2014-8012

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.2.1	Trust: 0.8

sources: JVNDB: JVNDB-2014-007302 // CNNVD: CNNVD-201412-415 // NVD: CVE-2014-8012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8012
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8012
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201412-415
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75957
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-8012
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8012
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-75957
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-75957 // VULMON: CVE-2014-8012 // JVNDB: JVNDB-2014-007302 // CNNVD: CNNVD-201412-415 // NVD: CVE-2014-8012

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-75957 // JVNDB: JVNDB-2014-007302 // NVD: CVE-2014-8012

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-415

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201412-415

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007302

PATCH

title:	Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8012	Trust: 0.8
title:	36792	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36792	Trust: 0.8
title:	Cisco: Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20141218-CVE-2014-8012	Trust: 0.1

sources: VULMON: CVE-2014-8012 // JVNDB: JVNDB-2014-007302

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8012	Trust: 2.9
db:	SECTRACK	id:	1031395	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-007302	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-415	Trust: 0.7
db:	BID	id:	71723	Trust: 0.5
db:	VULHUB	id:	VHN-75957	Trust: 0.1
db:	VULMON	id:	CVE-2014-8012	Trust: 0.1

sources: VULHUB: VHN-75957 // VULMON: CVE-2014-8012 // BID: 71723 // JVNDB: JVNDB-2014-007302 // CNNVD: CNNVD-201412-415 // NVD: CVE-2014-8012

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8012	Trust: 1.8
url:	http://www.securitytracker.com/id/1031395	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8012	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8012	Trust: 0.8
url:	www.cisco.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/71723	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141218-cve-2014-8012	Trust: 0.1

sources: VULHUB: VHN-75957 // VULMON: CVE-2014-8012 // BID: 71723 // JVNDB: JVNDB-2014-007302 // CNNVD: CNNVD-201412-415 // NVD: CVE-2014-8012

CREDITS

Cisco

Trust: 0.3

sources: BID: 71723

SOURCES

db:	VULHUB	id:	VHN-75957
db:	VULMON	id:	CVE-2014-8012
db:	BID	id:	71723
db:	JVNDB	id:	JVNDB-2014-007302
db:	CNNVD	id:	CNNVD-201412-415
db:	NVD	id:	CVE-2014-8012

LAST UPDATE DATE

2024-11-23T22:08:11.828000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-75957	date:	2017-01-03T00:00:00
db:	VULMON	id:	CVE-2014-8012	date:	2017-01-03T00:00:00
db:	BID	id:	71723	date:	2014-12-24T00:56:00
db:	JVNDB	id:	JVNDB-2014-007302	date:	2014-12-22T00:00:00
db:	CNNVD	id:	CNNVD-201412-415	date:	2014-12-19T00:00:00
db:	NVD	id:	CVE-2014-8012	date:	2024-11-21T02:18:25.570

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-75957	date:	2014-12-18T00:00:00
db:	VULMON	id:	CVE-2014-8012	date:	2014-12-18T00:00:00
db:	BID	id:	71723	date:	2014-12-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-007302	date:	2014-12-22T00:00:00
db:	CNNVD	id:	CNNVD-201412-415	date:	2014-12-19T00:00:00
db:	NVD	id:	CVE-2014-8012	date:	2014-12-18T16:59:15.223