ID

VAR-201502-0337


CVE

CVE-2014-2153


TITLE

Cisco Prime Infrastructure of INSERT Page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007882

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID CSCun21869. Cisco Prime Infrastructure (PI) is a set of Cisco (Cisco) wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technology

Trust: 1.98

sources: NVD: CVE-2014-2153 // JVNDB: JVNDB-2014-007882 // BID: 72555 // VULHUB: VHN-70092

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime infrastructurescope:lteversion:2.0

Trust: 0.8

vendor:ciscomodel:prime infrastructurescope:eqversion:1.3

Trust: 0.3

vendor:ciscomodel:prime infrastructurescope:eqversion:1.2

Trust: 0.3

vendor:ciscomodel:prime infrastructurescope:eqversion:2.0.0

Trust: 0.3

vendor:ciscomodel:prime infrastructurescope:eqversion:1.2.1

Trust: 0.3

sources: BID: 72555 // JVNDB: JVNDB-2014-007882 // CNNVD: CNNVD-201502-263 // NVD: CVE-2014-2153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2153
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2153
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201502-263
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70092
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2153
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70092
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70092 // JVNDB: JVNDB-2014-007882 // CNNVD: CNNVD-201502-263 // NVD: CVE-2014-2153

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-70092 // JVNDB: JVNDB-2014-007882 // NVD: CVE-2014-2153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-263

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201502-263

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:prime_infrastructure"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2014-007882

PATCH

title:Cisco Prime Infrastructure Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2153

Trust: 0.8

title:37402url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37402

Trust: 0.8

sources: JVNDB: JVNDB-2014-007882

EXTERNAL IDS

db:NVDid:CVE-2014-2153

Trust: 2.8

db:BIDid:72555

Trust: 1.4

db:SECTRACKid:1031715

Trust: 1.1

db:JVNDBid:JVNDB-2014-007882

Trust: 0.8

db:CNNVDid:CNNVD-201502-263

Trust: 0.7

db:VULHUBid:VHN-70092

Trust: 0.1

sources: VULHUB: VHN-70092 // BID: 72555 // JVNDB: JVNDB-2014-007882 // CNNVD: CNNVD-201502-263 // NVD: CVE-2014-2153

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2153

Trust: 2.0

url:http://www.securityfocus.com/bid/72555

Trust: 1.1

url:http://www.securitytracker.com/id/1031715

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100746

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2153

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2153

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=37402

Trust: 0.3

sources: VULHUB: VHN-70092 // BID: 72555 // JVNDB: JVNDB-2014-007882 // CNNVD: CNNVD-201502-263 // NVD: CVE-2014-2153

CREDITS

Cisco

Trust: 0.3

sources: BID: 72555

SOURCES

db:VULHUBid:VHN-70092
db:BIDid:72555
db:JVNDBid:JVNDB-2014-007882
db:CNNVDid:CNNVD-201502-263
db:NVDid:CVE-2014-2153

LAST UPDATE DATE

2024-11-23T21:55:06.087000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-70092date:2017-08-29T00:00:00
db:BIDid:72555date:2015-02-09T00:00:00
db:JVNDBid:JVNDB-2014-007882date:2015-02-17T00:00:00
db:CNNVDid:CNNVD-201502-263date:2015-02-12T00:00:00
db:NVDid:CVE-2014-2153date:2024-11-21T02:05:44.967

SOURCES RELEASE DATE

db:VULHUBid:VHN-70092date:2015-02-12T00:00:00
db:BIDid:72555date:2015-02-09T00:00:00
db:JVNDBid:JVNDB-2014-007882date:2015-02-17T00:00:00
db:CNNVDid:CNNVD-201502-263date:2015-02-12T00:00:00
db:NVDid:CVE-2014-2153date:2015-02-12T01:59:17.767