CVE-2014-2116

Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=33641	Vendor Advisory
http://www.securityfocus.com/bid/66632
http://www.securitytracker.com/id/1030019
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=33641	Vendor Advisory
http://www.securityfocus.com/bid/66632
http://www.securitytracker.com/id/1030019

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:05

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116 - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116 - Vendor Advisory
References	~~() http://tools.cisco.com/security/center/viewAlert.x?alertId=33641 - Vendor Advisory~~	() http://tools.cisco.com/security/center/viewAlert.x?alertId=33641 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/66632 -~~	() http://www.securityfocus.com/bid/66632 -
References	~~() http://www.securitytracker.com/id/1030019 -~~	() http://www.securitytracker.com/id/1030019 -

Information

Published : 2014-04-04 15:10

Updated : 2024-11-21 02:05

NVD link : CVE-2014-2116

Mitre link : CVE-2014-2116

CVE.ORG link : CVE-2014-2116

JSON object : View

Products Affected

cisco

emergency_responder

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-2116", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-04-04T15:10:37.403", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33641", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/66632", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1030019", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33641", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/66632", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1030019", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882."}, {"lang": "es", "value": "Cisco Emergency Responder (ER) 8.6 y anteriores permite a atacantes remotos inyectar p\u00e1ginas web y modificar contenido din\u00e1mico a trav\u00e9s de par\u00e1metros no especificados, tambi\u00e9n conocido como Bug ID CSCun37882."}], "lastModified": "2024-11-21T02:05:41.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3618717C-9230-46C7-B2EB-93C412474D41", "versionEndIncluding": "8.6"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}