Lucene search

CiscoCVE-2014-3352

HistoryAug 30, 2014 - 10:00 a.m.

CVE-2014-3352

2014-08-3010:00:00

CWE-20

cisco

web.nvd.nist.gov

cisco

intelligent automation

cloud

cisco cloud portal

cve-2014-3352

iframe vulnerability

bug id cscuh84801

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.006

Percentile

78.6%

JSON

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an “iFrame vulnerability,” aka Bug ID CSCuh84801.

Affected configurations

Nvd

Node

ciscocloud_portalRange≤2008.3sp9

ciscocloud_portalMatch9.1sp1

ciscocloud_portalMatch9.1sp2

ciscocloud_portalMatch9.1sp3

ciscocloud_portalMatch9.3

ciscocloud_portalMatch9.3.1

ciscocloud_portalMatch9.3.2

ciscocloud_portalMatch9.4

ciscocloud_portalMatch2008.3

ciscocloud_portalMatch2008.3sp6

ciscocloud_portalMatch2008.3sp7

ciscocloud_portalMatch2008.3sp8

VendorProductVersionCPE
ciscocloud_portal*cpe:2.3:a:cisco:cloud_portal:*:sp9:*:*:*:*:*:*
ciscocloud_portal9.1cpe:2.3:a:cisco:cloud_portal:9.1:sp1:*:*:*:*:*:*
ciscocloud_portal9.1cpe:2.3:a:cisco:cloud_portal:9.1:sp2:*:*:*:*:*:*
ciscocloud_portal9.1cpe:2.3:a:cisco:cloud_portal:9.1:sp3:*:*:*:*:*:*
ciscocloud_portal9.3cpe:2.3:a:cisco:cloud_portal:9.3:*:*:*:*:*:*:*
ciscocloud_portal9.3.1cpe:2.3:a:cisco:cloud_portal:9.3.1:*:*:*:*:*:*:*
ciscocloud_portal9.3.2cpe:2.3:a:cisco:cloud_portal:9.3.2:*:*:*:*:*:*:*
ciscocloud_portal9.4cpe:2.3:a:cisco:cloud_portal:9.4:*:*:*:*:*:*:*
ciscocloud_portal2008.3cpe:2.3:a:cisco:cloud_portal:2008.3:*:*:*:*:*:*:*
ciscocloud_portal2008.3cpe:2.3:a:cisco:cloud_portal:2008.3:sp6:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cloud_portal	*	cpe:2.3:a:cisco:cloud_portal::sp9::::::*
cisco	cloud_portal	9.1	cpe:2.3:a:cisco:cloud_portal:9.1:sp1::::::
cisco	cloud_portal	9.1	cpe:2.3:a:cisco:cloud_portal:9.1:sp2::::::
cisco	cloud_portal	9.1	cpe:2.3:a:cisco:cloud_portal:9.1:sp3::::::
cisco	cloud_portal	9.3	cpe:2.3:a:cisco:cloud_portal:9.3:::::::*
cisco	cloud_portal	9.3.1	cpe:2.3:a:cisco:cloud_portal:9.3.1:::::::*
cisco	cloud_portal	9.3.2	cpe:2.3:a:cisco:cloud_portal:9.3.2:::::::*
cisco	cloud_portal	9.4	cpe:2.3:a:cisco:cloud_portal:9.4:::::::*
cisco	cloud_portal	2008.3	cpe:2.3:a:cisco:cloud_portal:2008.3:::::::*
cisco	cloud_portal	2008.3	cpe:2.3:a:cisco:cloud_portal:2008.3:sp6::::::

Rows per page:

1-10 of 121

References

secunia.com/advisories/60956

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352

tools.cisco.com/security/center/viewAlert.x?alertId=35479

www.securityfocus.com/bid/69458

www.securitytracker.com/id/1030785

exchange.xforce.ibmcloud.com/vulnerabilities/95605

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.006

Percentile

78.6%

JSON

Related for CVE-2014-3352