Details of VAR-201502-0213

ID

VAR-201502-0213

CVE

CVE-2014-8021

TITLE

Cisco AnyConnect Secure Mobility Client and Cisco HostScan Engine cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007836

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149. Vendors have confirmed this vulnerability Bug ID CSCup82990 ,and CSCuq80149 It is released as.Applet pass URL Depending on the problem, any Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID's CSCup82990 and CSCuq80149

Trust: 1.98

sources: NVD: CVE-2014-8021 // JVNDB: JVNDB-2014-007836 // BID: 72475 // VULHUB: VHN-75966

AFFECTED PRODUCTS

vendor:	cisco	model:	hostscan engine	scope:	lte	version:	3.1\(.05183\)	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lte	version:	3.1\(.02043\)	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lte	version:	3.1(.02043)	Trust: 0.8
vendor:	cisco	model:	hostscan engine	scope:	lte	version:	3.1(.05183)	Trust: 0.8
vendor:	cisco	model:	hostscan engine	scope:	eq	version:	3.1\(.05183\)	Trust: 0.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1\(.02043\)	Trust: 0.6
vendor:	cisco	model:	hostscan engine	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	0	Trust: 0.3

sources: BID: 72475 // JVNDB: JVNDB-2014-007836 // CNNVD: CNNVD-201502-067 // NVD: CVE-2014-8021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8021
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8021
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201502-067
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75966
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8021
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-75966
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-75966 // JVNDB: JVNDB-2014-007836 // CNNVD: CNNVD-201502-067 // NVD: CVE-2014-8021

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-75966 // JVNDB: JVNDB-2014-007836 // NVD: CVE-2014-8021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-067

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201502-067

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007836

PATCH

title:	Cisco AnyConnect and Cisco Host Scan Web Launch Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8021	Trust: 0.8
title:	37323	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37323	Trust: 0.8

sources: JVNDB: JVNDB-2014-007836

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8021	Trust: 2.8
db:	BID	id:	72475	Trust: 1.4
db:	JVNDB	id:	JVNDB-2014-007836	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-067	Trust: 0.7
db:	VULHUB	id:	VHN-75966	Trust: 0.1

sources: VULHUB: VHN-75966 // BID: 72475 // JVNDB: JVNDB-2014-007836 // CNNVD: CNNVD-201502-067 // NVD: CVE-2014-8021

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8021	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37323	Trust: 1.7
url:	http://www.securityfocus.com/bid/72475	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100666	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8021	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8021	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-75966 // BID: 72475 // JVNDB: JVNDB-2014-007836 // CNNVD: CNNVD-201502-067 // NVD: CVE-2014-8021

CREDITS

Cisco

Trust: 0.3

sources: BID: 72475

SOURCES

db:	VULHUB	id:	VHN-75966
db:	BID	id:	72475
db:	JVNDB	id:	JVNDB-2014-007836
db:	CNNVD	id:	CNNVD-201502-067
db:	NVD	id:	CVE-2014-8021

LAST UPDATE DATE

2024-11-23T22:38:53.385000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-75966	date:	2017-09-08T00:00:00
db:	BID	id:	72475	date:	2015-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-007836	date:	2015-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201502-067	date:	2015-02-04T00:00:00
db:	NVD	id:	CVE-2014-8021	date:	2024-11-21T02:18:26.567

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-75966	date:	2015-02-03T00:00:00
db:	BID	id:	72475	date:	2015-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-007836	date:	2015-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201502-067	date:	2015-02-04T00:00:00
db:	NVD	id:	CVE-2014-8021	date:	2015-02-03T22:59:01.253