var-201501-0290
Vulnerability from variot
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. Vendors have confirmed this vulnerability Bug ID CSCuo24931 and CSCuo24940 It is released as.A third party may spoof the authentication form and capture the authentication information. Cisco AnyConnect Secure Mobility Client is prone to a security vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug IDs CSCuo24931 and, CSCuo24940. Cisco AnyConnect on Android and OS X is a set of VPN applications based on the Android and OS X platforms of Cisco, which provides encrypted network connection functions. A security vulnerability exists in Cisco AnyConnect based on Android and OS X platforms. The vulnerability is caused by the program not validating the host type correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0290",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.0 (android and os x)"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.1 (android and os x)"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "mac_os_x"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "android"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "72059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:anyconnect_secure_mobility_client",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "72059"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3314",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3314",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-71254",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3314",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3314",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71254",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. Vendors have confirmed this vulnerability Bug ID CSCuo24931 and CSCuo24940 It is released as.A third party may spoof the authentication form and capture the authentication information. Cisco AnyConnect Secure Mobility Client is prone to a security vulnerability. \nAn attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nThis issue is being tracked by Cisco Bug IDs CSCuo24931 and, CSCuo24940. Cisco AnyConnect on Android and OS X is a set of VPN applications based on the Android and OS X platforms of Cisco, which provides encrypted network connection functions. A security vulnerability exists in Cisco AnyConnect based on Android and OS X platforms. The vulnerability is caused by the program not validating the host type correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3314"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "BID",
"id": "72059"
},
{
"db": "VULHUB",
"id": "VHN-71254"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3314",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302",
"trust": 0.7
},
{
"db": "BID",
"id": "72059",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-71254",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "BID",
"id": "72059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"id": "VAR-201501-0290",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:02:42.245000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco AnyConnect User Interface Dialog Rendered When Connecting to Arbitrary Hosts Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314"
},
{
"title": "37004",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37004"
},
{
"title": "Cisco AnyConnect Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118317"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3314"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3314"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3314"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/anyconnect-secure-mobility-client/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "BID",
"id": "72059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "BID",
"id": "72059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-71254"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72059"
},
{
"date": "2015-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"date": "2015-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-302"
},
{
"date": "2015-01-14T19:59:00.053000",
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-71254"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72059"
},
{
"date": "2015-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-302"
},
{
"date": "2024-11-21T02:07:50.927000",
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Android and OS X Run on Cisco AnyConnect Vulnerabilities in which authentication forms are spoofed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "72059"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…