Lucene search

[email protected]CVE-2014-3344

HistoryAug 28, 2014 - 1:55 a.m.

CVE-2014-3344

2014-08-2801:55:03

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3344

cross-site scripting

xss

cisco transport gateway

smart call home

tg-sch

transport gateway installation software

bug ids

cscuq31129

cscuq31134

cscuq31137

cscuq31563

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563.

Affected configurations

NVD

Node

ciscotransport_gateway_installation_softwareMatch4.0

CPENameOperatorVersion
cisco:transport_gateway_installation_softwarecisco transport gateway installation softwareeq4.0

CPE	Name	Operator	Version
cisco:transport_gateway_installation_software	cisco transport gateway installation software	eq	4.0

References

secunia.com/advisories/60278

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3344

tools.cisco.com/security/center/viewAlert.x?alertId=35431

www.securityfocus.com/bid/69412

www.securitytracker.com/id/1030760

exchange.xforce.ibmcloud.com/vulnerabilities/95482

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for CVE-2014-3344

prion1 cvelist1 cisco1 nvd1