CVE-2014-3267 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Security Manager

Configuration 1 [-]

OR	cpe:2.3:a:cisco:security_manager::::::::
	cpe:2.3:a:cisco:security_manager:4.0:-::::::
	cpe:2.3:a:cisco:security_manager:4.0:sp1::::::
	cpe:2.3:a:cisco:security_manager:4.0.1:-::::::
	cpe:2.3:a:cisco:security_manager:4.0.1:sp1::::::
	cpe:2.3:a:cisco:security_manager:4.0.1:sp2::::::
	cpe:2.3:a:cisco:security_manager:4.1:::::::*
	cpe:2.3:a:cisco:security_manager:4.1:sp1::::::
	cpe:2.3:a:cisco:security_manager:4.1:sp2::::::
	cpe:2.3:a:cisco:security_manager:4.2:-::::::
	cpe:2.3:a:cisco:security_manager:4.2:sp1::::::
	cpe:2.3:a:cisco:security_manager:4.3:-::::::
	cpe:2.3:a:cisco:security_manager:4.3:sp1::::::
	cpe:2.3:a:cisco:security_manager:4.3:sp2::::::
	cpe:2.3:a:cisco:security_manager:4.4:-::::::
	cpe:2.3:a:cisco:security_manager:4.4:sp1::::::
	cpe:2.3:a:cisco:security_manager:4.4:sp2::::::
	cpe:2.3:a:cisco:security_manager:4.5:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3267
http://tools.cisco.com/security/center/viewAlert.x?alertId=34325
http://www.securitytracker.com/id/1030271

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2014-05-23T22:00:00

Updated: 2024-08-06T10:35:57.107Z

Reserved: 2014-05-07T00:00:00

Link: CVE-2014-3267

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-05-26T00:25:31.330

Modified: 2016-09-07T16:52:05.937

Link: CVE-2014-3267

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-09T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20140521 Cisco Security Manager Cross-Site Request Forgery Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3267"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34325"}, {"name": "1030271", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030271"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-3267", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140521 Cisco Security Manager Cross-Site Request Forgery Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3267"}, {"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34325", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34325"}, {"name": "1030271", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030271"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:57.107Z"}, "title": "CVE Program Container", "references": [{"name": "20140521 Cisco Security Manager Cross-Site Request Forgery Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3267"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34325"}, {"name": "1030271", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030271"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-3267", "datePublished": "2014-05-23T22:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2024-08-06T10:35:57.107Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "765CA5F3-C5BA-4D1A-A05A-9DEF7C2C5DAF", "versionEndIncluding": "4.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.0:-:*:*:*:*:*:*", "matchCriteriaId": "7C9BB8F5-997E-4D2D-A859-FDC23D4AD28C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F1A7E9AE-64B8-475A-8914-1D3BFD79841A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "48ACDEF6-BAB4-4114-8034-15D58A1572CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "FAC58C2C-15B3-4CDD-A320-24D54F12BB72", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "BDA8D184-1148-476D-9C35-0D2ED6B324EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B08598EC-5065-4497-80E6-43F145ACB1EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "8CAFA481-6CA8-4E74-9AEF-A497E23597AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "DF3D3EA0-5EA3-4252-BA51-E149BE3F2AAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.2:-:*:*:*:*:*:*", "matchCriteriaId": "A0D77CA9-322F-4067-A2FA-36C3F8E70180", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "6CBD8EF7-4732-4C89-87B3-B4221A8C1061", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.3:-:*:*:*:*:*:*", "matchCriteriaId": "1746C2CA-205A-439F-847F-E0D8A51AC81E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.3:sp1:*:*:*:*:*:*", "matchCriteriaId": "29D9C646-3741-4BFE-BF9E-ECDAA31A035F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.3:sp2:*:*:*:*:*:*", "matchCriteriaId": "CBDE791A-0D63-4A67-860E-BD2C0BE61A49", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.4:-:*:*:*:*:*:*", "matchCriteriaId": "C585EC2F-B171-495F-9647-1D86F45E7A16", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.4:sp1:*:*:*:*:*:*", "matchCriteriaId": "1355DC09-7DF9-407B-885D-341843B41C89", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.4:sp2:*:*:*:*:*:*", "matchCriteriaId": "AC653725-B441-4827-99C0-6AE3F2AF0E7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_manager:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A10E1D3D-456E-4E10-BB71-CE76BF2D13E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en el Framework web en Cisco Security Manager 4.6 y anteriores permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que realizan cambios no especificados, tambi\u00e9n conocido como Bug ID CSCuo46427."}], "id": "CVE-2014-3267", "lastModified": "2016-09-07T16:52:05.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-05-26T00:25:31.330", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3267"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34325"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030271"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}