Lucene search

[email protected]CVE-2014-3345

HistoryAug 28, 2014 - 11:55 p.m.

CVE-2014-3345

2014-08-2823:55:05

CWE-264

[email protected]

web.nvd.nist.gov

cisco

transport gateway

smart call home

bug id

cscuq31503

cve-2014-3345

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

JSON

The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.

Affected configurations

NVD

Node

ciscotransport_gateway_installation_softwareMatch4.0

CPENameOperatorVersion
cisco:transport_gateway_installation_softwarecisco transport gateway installation softwareeq4.0

CPE	Name	Operator	Version
cisco:transport_gateway_installation_software	cisco transport gateway installation software	eq	4.0

References

secunia.com/advisories/60391

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3345

tools.cisco.com/security/center/viewAlert.x?alertId=35468

www.securityfocus.com/bid/69442

www.securitytracker.com/id/1030774

exchange.xforce.ibmcloud.com/vulnerabilities/95589

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for CVE-2014-3345

cvelist1 nvd1 cisco1 prion1