Details of VAR-201502-0336

ID

VAR-201502-0336

CVE

CVE-2014-2152

TITLE

Cisco Prime Infrastructure of INSERT Page cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007883

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. Vendors have confirmed this vulnerability Bug ID CSCun21868 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCun21868

Trust: 1.98

sources: NVD: CVE-2014-2152 // JVNDB: JVNDB-2014-007883 // BID: 72558 // VULHUB: VHN-70091

AFFECTED PRODUCTS

vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	lte	version:	2.0	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.3	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.0.0	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2.1	Trust: 0.3

sources: BID: 72558 // JVNDB: JVNDB-2014-007883 // CNNVD: CNNVD-201502-262 // NVD: CVE-2014-2152

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2152
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2152
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201502-262
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70091
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2152
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70091
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70091 // JVNDB: JVNDB-2014-007883 // CNNVD: CNNVD-201502-262 // NVD: CVE-2014-2152

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-70091 // JVNDB: JVNDB-2014-007883 // NVD: CVE-2014-2152

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-262

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201502-262

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007883

PATCH

title:	Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2152	Trust: 0.8
title:	37403	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37403	Trust: 0.8

sources: JVNDB: JVNDB-2014-007883

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2152	Trust: 2.8
db:	BID	id:	72558	Trust: 1.4
db:	SECTRACK	id:	1031715	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-007883	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-262	Trust: 0.7
db:	VULHUB	id:	VHN-70091	Trust: 0.1

sources: VULHUB: VHN-70091 // BID: 72558 // JVNDB: JVNDB-2014-007883 // CNNVD: CNNVD-201502-262 // NVD: CVE-2014-2152

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2152	Trust: 2.0
url:	http://www.securityfocus.com/bid/72558	Trust: 1.1
url:	http://www.securitytracker.com/id/1031715	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100747	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2152	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2152	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37403	Trust: 0.3

sources: VULHUB: VHN-70091 // BID: 72558 // JVNDB: JVNDB-2014-007883 // CNNVD: CNNVD-201502-262 // NVD: CVE-2014-2152

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 72558

SOURCES

db:	VULHUB	id:	VHN-70091
db:	BID	id:	72558
db:	JVNDB	id:	JVNDB-2014-007883
db:	CNNVD	id:	CNNVD-201502-262
db:	NVD	id:	CVE-2014-2152

LAST UPDATE DATE

2024-11-23T21:55:06.057000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70091	date:	2017-08-29T00:00:00
db:	BID	id:	72558	date:	2015-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-007883	date:	2015-02-17T00:00:00
db:	CNNVD	id:	CNNVD-201502-262	date:	2015-02-12T00:00:00
db:	NVD	id:	CVE-2014-2152	date:	2024-11-21T02:05:44.850

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70091	date:	2015-02-12T00:00:00
db:	BID	id:	72558	date:	2015-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-007883	date:	2015-02-17T00:00:00
db:	CNNVD	id:	CNNVD-201502-262	date:	2015-02-12T00:00:00
db:	NVD	id:	CVE-2014-2152	date:	2015-02-12T01:59:16.593