Lucene search

[email protected]CVE-2014-3352

HistoryAug 30, 2014 - 10:00 a.m.

CVE-2014-3352

2014-08-3010:00:00

CWE-20

[email protected]

web.nvd.nist.gov

cisco

intelligent automation

cloud

cisco cloud portal

cve-2014-3352

iframe vulnerability

bug id cscuh84801

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

JSON

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an “iFrame vulnerability,” aka Bug ID CSCuh84801.

Affected configurations

NVD

Node

ciscocloud_portalRange≤2008.3sp9

ciscocloud_portalMatch9.1sp1

ciscocloud_portalMatch9.1sp2

ciscocloud_portalMatch9.1sp3

ciscocloud_portalMatch9.3

ciscocloud_portalMatch9.3.1

ciscocloud_portalMatch9.3.2

ciscocloud_portalMatch9.4

ciscocloud_portalMatch2008.3

ciscocloud_portalMatch2008.3sp6

ciscocloud_portalMatch2008.3sp7

ciscocloud_portalMatch2008.3sp8

CPENameOperatorVersion
cisco:cloud_portalcisco cloud portalle2008.3
cisco:cloud_portalcisco cloud portaleq9.1
cisco:cloud_portalcisco cloud portaleq9.3
cisco:cloud_portalcisco cloud portaleq9.3.1
cisco:cloud_portalcisco cloud portaleq9.3.2
cisco:cloud_portalcisco cloud portaleq9.4

CPE	Name	Operator	Version
cisco:cloud_portal	cisco cloud portal	le	2008.3
cisco:cloud_portal	cisco cloud portal	eq	9.1
cisco:cloud_portal	cisco cloud portal	eq	9.3
cisco:cloud_portal	cisco cloud portal	eq	9.3.1
cisco:cloud_portal	cisco cloud portal	eq	9.3.2
cisco:cloud_portal	cisco cloud portal	eq	9.4

References

secunia.com/advisories/60956

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352

tools.cisco.com/security/center/viewAlert.x?alertId=35479

www.securityfocus.com/bid/69458

www.securitytracker.com/id/1030785

exchange.xforce.ibmcloud.com/vulnerabilities/95605

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for CVE-2014-3352

cisco1 prion1 cvelist1 nvd1