fkie_cve-2014-2138
Vulnerability from fkie_nvd
Published
2014-04-02 03:58
Modified
2025-04-12 10:46
Severity ?
Summary
CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_manager | * | |
| cisco | security_manager | 3.0.2 | |
| cisco | security_manager | 3.1 | |
| cisco | security_manager | 3.1.1 | |
| cisco | security_manager | 3.1.1 | |
| cisco | security_manager | 3.2 | |
| cisco | security_manager | 3.2 | |
| cisco | security_manager | 3.2 | |
| cisco | security_manager | 3.2.1 | |
| cisco | security_manager | 3.2.1 | |
| cisco | security_manager | 3.2.2 | |
| cisco | security_manager | 3.2.2 | |
| cisco | security_manager | 3.2.2 | |
| cisco | security_manager | 3.2.2 | |
| cisco | security_manager | 3.2.2 | |
| cisco | security_manager | 3.3 | |
| cisco | security_manager | 3.3 | |
| cisco | security_manager | 3.3 | |
| cisco | security_manager | 3.3.1 | |
| cisco | security_manager | 3.3.1 | |
| cisco | security_manager | 3.3.1 | |
| cisco | security_manager | 3.3.1 | |
| cisco | security_manager | 3.3.1 | |
| cisco | security_manager | 4.0 | |
| cisco | security_manager | 4.0 | |
| cisco | security_manager | 4.0.1 | |
| cisco | security_manager | 4.0.1 | |
| cisco | security_manager | 4.0.1 | |
| cisco | security_manager | 4.1 | |
| cisco | security_manager | 4.1 | |
| cisco | security_manager | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_manager:*:-:*:*:*:*:*:*",
"matchCriteriaId": "37213FD2-3F3C-4338-8E76-8FE0B7CFEF28",
"versionEndIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F831EEB-A499-4C76-A085-52F3D750E0FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "921F93B3-84A8-471B-9A3A-780C76BA3685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDFAFD3-DEC0-4C6E-BE75-921286A3B2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B2F46134-691C-4B96-87EE-6977E49905CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D01CF39F-7492-4DB1-8EB7-01879EB8B6FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2:sp2:*:*:*:*:*:*",
"matchCriteriaId": "684784EB-A61E-4FBE-AC5F-AE7E69BD60A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7061A26C-4BC0-4466-99FE-60620BA45629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E3EAAD49-6786-4E0A-B9E1-C3D0BD061132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "0CA1A1A1-7D11-4627-B21B-986ED17052DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D78BB8AD-03A2-4B49-907D-A9E569D20F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8F119D84-BFDB-4B8F-A562-9FD435D6AA0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp3:*:*:*:*:*:*",
"matchCriteriaId": "ACE44650-A39C-4CCE-B6C1-6BB8AF2C4561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CB734AB4-510F-4664-8AE8-245C01081FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "464B6C02-500C-4047-AC5C-FFF8B4FE0339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "16E3E0D8-EEFD-40A2-BEAA-0726D9A6AAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A88FE587-12D2-4164-8EBC-0BD5A24B33FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "869F6480-DEFA-4470-8F09-373544056ECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EEF0D9F6-5768-4E90-B025-FE5D7D93D5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F26AE3A9-F57D-41D7-8B90-23E4CEFF8532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CF4C2C27-E015-4481-8D0F-05D8692D89B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "FB48A845-E183-493A-BF4E-AE919BD50D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7C9BB8F5-997E-4D2D-A859-FDC23D4AD28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F1A7E9AE-64B8-475A-8914-1D3BFD79841A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "48ACDEF6-BAB4-4114-8034-15D58A1572CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FAC58C2C-15B3-4CDD-A320-24D54F12BB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BDA8D184-1148-476D-9C35-0D2ED6B324EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B08598EC-5065-4497-80E6-43F145ACB1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8CAFA481-6CA8-4E74-9AEF-A497E23597AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF3D3EA0-5EA3-4252-BA51-E149BE3F2AAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en el framework web en Cisco Security Manager 4.2 y anteriores permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de redirecci\u00f3n a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCun82349."
}
],
"id": "CVE-2014-2138",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-02T03:58:17.137",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2138"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33607"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…