CVE-2014-3344

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/60278
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3344	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=35431	Vendor Advisory
http://www.securityfocus.com/bid/69412
http://www.securitytracker.com/id/1030760
https://exchange.xforce.ibmcloud.com/vulnerabilities/95482

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:transport_gateway_installation_software:4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-08-28 01:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-3344

Mitre link : CVE-2014-3344

CVE.ORG link : CVE-2014-3344

JSON object : View

Products Affected

cisco

transport_gateway_installation_software

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2014-3344", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-08-28T01:55:03.387", "references": [{"url": "http://secunia.com/advisories/60278", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3344", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35431", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/69412", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1030760", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95482", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en el Framework web en Cisco Transport Gateway for Smart Call Home (tambi\u00e9n conocido como TG-SCH o Transport Gateway Installation Software) 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados, tambi\u00e9n conocido como Bug IDs CSCuq31129, CSCuq31134, CSCuq31137 y CSCuq31563."}], "lastModified": "2017-08-29T01:34:43.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:transport_gateway_installation_software:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A22B7C7F-F539-4995-A5A5-45CD7DD94492"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}