Sign-up

ID

VAR-201502-0210


CVE

CVE-2014-3365


TITLE

Cisco Prime Security Manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-007881

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. Cisco Prime Security Manager (PRSM) Contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuo94808. The platform can add multiple ASA CX devices to PRSM's device inventory and apply security policies to their devices. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Trust: 1.98

sources: NVD: CVE-2014-3365 // JVNDB: JVNDB-2014-007881 // BID: 72554 // VULHUB: VHN-71305

AFFECTED PRODUCTS

vendor:ciscomodel:prime security managerscope:lteversion:9.2.1-2

Trust: 1.0

vendor:ciscomodel:prime security managerscope:lteversion:9.2(.1-2)

Trust: 0.8

vendor:ciscomodel:prime security managerscope:eqversion:9.2.1-2

Trust: 0.6

sources: JVNDB: JVNDB-2014-007881 // CNNVD: CNNVD-201502-264 // NVD: CVE-2014-3365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3365
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3365
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201502-264
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71305
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3365
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71305
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71305 // JVNDB: JVNDB-2014-007881 // CNNVD: CNNVD-201502-264 // NVD: CVE-2014-3365

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-71305 // JVNDB: JVNDB-2014-007881 // NVD: CVE-2014-3365

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-264

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201502-264

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007881

PATCH
title:Cisco Prime Security Manager Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365
Trust: 0.8
title:37418url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37418
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007881

EXTERNAL IDS
db:NVDid:CVE-2014-3365
Trust: 2.8
db:SECTRACKid:1031716
Trust: 1.1
db:JVNDBid:JVNDB-2014-007881
Trust: 0.8
db:CNNVDid:CNNVD-201502-264
Trust: 0.7
db:BIDid:72554
Trust: 0.4
db:VULHUBid:VHN-71305
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71305 // 
            
            
            
            BID: 72554 // 
            
            
            
            JVNDB: JVNDB-2014-007881 // 
            
            
            
            CNNVD: CNNVD-201502-264 // 
            
            
            
            NVD: CVE-2014-3365

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3365
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=37418
Trust: 1.7
url:http://www.securitytracker.com/id/1031716
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100756
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3365
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3365
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71305 // 
            
            
            
            BID: 72554 // 
            
            
            
            JVNDB: JVNDB-2014-007881 // 
            
            
            
            CNNVD: CNNVD-201502-264 // 
            
            
            
            NVD: CVE-2014-3365

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72554

SOURCES
db:VULHUBid:VHN-71305
db:BIDid:72554
db:JVNDBid:JVNDB-2014-007881
db:CNNVDid:CNNVD-201502-264
db:NVDid:CVE-2014-3365

LAST UPDATE DATE
2024-11-23T22:22:56.363000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71305date:2017-08-29T00:00:00
db:BIDid:72554date:2015-02-16T00:04:00
db:JVNDBid:JVNDB-2014-007881date:2015-02-17T00:00:00
db:CNNVDid:CNNVD-201502-264date:2015-02-12T00:00:00
db:NVDid:CVE-2014-3365date:2024-11-21T02:07:56.993

SOURCES RELEASE DATE
db:VULHUBid:VHN-71305date:2015-02-12T00:00:00
db:BIDid:72554date:2015-02-09T00:00:00
db:JVNDBid:JVNDB-2014-007881date:2015-02-17T00:00:00
db:CNNVDid:CNNVD-201502-264date:2015-02-12T00:00:00
db:NVDid:CVE-2014-3365date:2015-02-12T01:59:19.030