ID

VAR-201501-0329


CVE

CVE-2014-8028


TITLE

Cross-site scripting vulnerability in the web framework of Cisco Secure Access Control System

Trust: 0.8

sources: JVNDB: JVNDB-2014-007556

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID CSCuq79019. Cisco Secure ACS controls network access and network device access through the RADIUS and TACACS protocols, respectively.

Trust: 1.98

sources: NVD: CVE-2014-8028 // JVNDB: JVNDB-2014-007556 // BID: 71946 // VULHUB: VHN-75973

AFFECTED PRODUCTS

vendor: cisco, model: secure access control system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: secure access control system software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-007556 // CNNVD: CNNVD-201501-164 // NVD: CVE-2014-8028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8028
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8028
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-164
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75973
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8028
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75973
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75973 // JVNDB: JVNDB-2014-007556 // CNNVD: CNNVD-201501-164 // NVD: CVE-2014-8028

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-75973 // JVNDB: JVNDB-2014-007556 // NVD: CVE-2014-8028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-164

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201501-164

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007556

PATCH

title: Cisco Secure Access Control Server Multiple Cross-Site Scripting Vulnerabilities
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8028

Trust: 0.8

sources: JVNDB: JVNDB-2014-007556

EXTERNAL IDS

db: NVD, id: CVE-2014-8028

Trust: 2.8

db: BID, id: 71946

Trust: 1.4

db: SECTRACK, id: 1031515

Trust: 1.1

db: SECUNIA, id: 62159

Trust: 1.1

db: JVNDB, id: JVNDB-2014-007556

Trust: 0.8

db: CNNVD, id: CNNVD-201501-164

Trust: 0.7

db: VULHUB, id: VHN-75973

Trust: 0.1

sources: VULHUB: VHN-75973 // BID: 71946 // JVNDB: JVNDB-2014-007556 // CNNVD: CNNVD-201501-164 // NVD: CVE-2014-8028

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8028

Trust: 1.7

url: http://www.securityfocus.com/bid/71946

Trust: 1.1

url: http://www.securitytracker.com/id/1031515

Trust: 1.1

url: http://secunia.com/advisories/62159

Trust: 1.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/100553

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8028

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8028

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-75973 // BID: 71946 // JVNDB: JVNDB-2014-007556 // CNNVD: CNNVD-201501-164 // NVD: CVE-2014-8028

CREDITS

Cisco

Trust: 0.3

sources: BID: 71946

SOURCES

db: VULHUB, id: VHN-75973
db: BID, id: 71946
db: JVNDB, id: JVNDB-2014-007556
db: CNNVD, id: CNNVD-201501-164
db: NVD, id: CVE-2014-8028

LAST UPDATE DATE

2024-11-23T22:13:32.939000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-75973, date: 2017-09-08T00:00:00
db: BID, id: 71946, date: 2015-01-21T00:01:00
db: JVNDB, id: JVNDB-2014-007556, date: 2015-01-13T00:00:00
db: CNNVD, id: CNNVD-201501-164, date: 2015-01-09T00:00:00
db: NVD, id: CVE-2014-8028, date: 2024-11-21T02:18:27.363

SOURCES RELEASE DATE

db: VULHUB, id: VHN-75973, date: 2015-01-09T00:00:00
db: BID, id: 71946, date: 2015-01-08T00:00:00
db: JVNDB, id: JVNDB-2014-007556, date: 2015-01-13T00:00:00
db: CNNVD, id: CNNVD-201501-164, date: 2015-01-09T00:00:00
db: NVD, id: CVE-2014-8028, date: 2015-01-09T02:59:04.397