Sign-up

ID

VAR-201501-0327


CVE

CVE-2014-8022


TITLE

Cisco Identity Services Engine Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-007700

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776. Cisco Identity Services Engine Contains a cross-site scripting vulnerability. Vendors have confirmed this vulnerability Bug ID CSCur69835 and CSCur69776 It is released as.Unspecified by a third party Web Via any input to the page Web Script or HTML May be inserted. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCus16049, CSCus16050, CSCut25227, CSCur69835 and CSCur69776. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2014-8022 // JVNDB: JVNDB-2014-007700 // BID: 72083 // VULHUB: VHN-75967

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:identity services enginescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-007700 // CNNVD: CNNVD-201501-340 // NVD: CVE-2014-8022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8022
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8022
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-340
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75967
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8022
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75967
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75967 // JVNDB: JVNDB-2014-007700 // CNNVD: CNNVD-201501-340 // NVD: CVE-2014-8022

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-75967 // JVNDB: JVNDB-2014-007700 // NVD: CVE-2014-8022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-340

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201501-340

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007700

PATCH
title:Cisco Identity Services Engine Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007700

EXTERNAL IDS
db:NVDid:CVE-2014-8022
Trust: 2.8
db:BIDid:72083
Trust: 1.4
db:SECTRACKid:1031560
Trust: 1.1
db:JVNDBid:JVNDB-2014-007700
Trust: 0.8
db:CNNVDid:CNNVD-201501-340
Trust: 0.7
db:VULHUBid:VHN-75967
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75967 // 
            
            
            
            BID: 72083 // 
            
            
            
            JVNDB: JVNDB-2014-007700 // 
            
            
            
            CNNVD: CNNVD-201501-340 // 
            
            
            
            NVD: CVE-2014-8022

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8022
Trust: 1.7
url:http://www.securityfocus.com/bid/72083
Trust: 1.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=37045
Trust: 1.1
url:http://www.securitytracker.com/id/1031560
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100664
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8022
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8022
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps11640/
Trust: 0.3
url:tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8022
Trust: 0.3
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150128-cve-2014-8022
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75967 // 
            
            
            
            BID: 72083 // 
            
            
            
            JVNDB: JVNDB-2014-007700 // 
            
            
            
            CNNVD: CNNVD-201501-340 // 
            
            
            
            NVD: CVE-2014-8022

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72083

SOURCES
db:VULHUBid:VHN-75967
db:BIDid:72083
db:JVNDBid:JVNDB-2014-007700
db:CNNVDid:CNNVD-201501-340
db:NVDid:CVE-2014-8022

LAST UPDATE DATE
2024-11-23T22:45:59.460000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75967date:2017-09-08T00:00:00
db:BIDid:72083date:2016-07-06T14:42:00
db:JVNDBid:JVNDB-2014-007700date:2015-01-20T00:00:00
db:CNNVDid:CNNVD-201501-340date:2015-01-16T00:00:00
db:NVDid:CVE-2014-8022date:2024-11-21T02:18:26.677

SOURCES RELEASE DATE
db:VULHUBid:VHN-75967date:2015-01-15T00:00:00
db:BIDid:72083date:2015-01-15T00:00:00
db:JVNDBid:JVNDB-2014-007700date:2015-01-20T00:00:00
db:CNNVDid:CNNVD-201501-340date:2015-01-16T00:00:00
db:NVDid:CVE-2014-8022date:2015-01-15T22:59:01.413