Lucene search

[email protected]CVE-2014-2115

HistoryApr 04, 2014 - 3:10 p.m.

CVE-2014-2115

2014-04-0415:10:37

CWE-352

[email protected]

web.nvd.nist.gov

csrf

cisco emergency responder

vulnerability

authentication hijacking

cve-2014-2115

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.4%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.

Affected configurations

NVD

Node

ciscoemergency_responderRange≤8.6

CPENameOperatorVersion
cisco:emergency_respondercisco emergency responderle8.6

CPE	Name	Operator	Version
cisco:emergency_responder	cisco emergency responder	le	8.6

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115

tools.cisco.com/security/center/viewAlert.x?alertId=33643

www.securityfocus.com/bid/66631

www.securitytracker.com/id/1030019

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for CVE-2014-2115

prion1 nvd1 cvelist1 cisco1