CVE-2014-2138

Published Apr 2, 2014
Last updated 3 months ago
CVSS info 4.3
Overview

Description: CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-20
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:*:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37213FD2-3F3C-4338-8E76-8FE0B7CFEF28",
            "versionEndIncluding": "4.2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F831EEB-A499-4C76-A085-52F3D750E0FD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "921F93B3-84A8-471B-9A3A-780C76BA3685"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADDFAFD3-DEC0-4C6E-BE75-921286A3B2FF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2F46134-691C-4B96-87EE-6977E49905CD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D01CF39F-7492-4DB1-8EB7-01879EB8B6FF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "684784EB-A61E-4FBE-AC5F-AE7E69BD60A5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7061A26C-4BC0-4466-99FE-60620BA45629"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3EAAD49-6786-4E0A-B9E1-C3D0BD061132"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CA1A1A1-7D11-4627-B21B-986ED17052DF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D78BB8AD-03A2-4B49-907D-A9E569D20F10"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F119D84-BFDB-4B8F-A562-9FD435D6AA0D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACE44650-A39C-4CCE-B6C1-6BB8AF2C4561"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB734AB4-510F-4664-8AE8-245C01081FE0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "464B6C02-500C-4047-AC5C-FFF8B4FE0339"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.3:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16E3E0D8-EEFD-40A2-BEAA-0726D9A6AAC8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.3:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A88FE587-12D2-4164-8EBC-0BD5A24B33FB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "869F6480-DEFA-4470-8F09-373544056ECA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEF0D9F6-5768-4E90-B025-FE5D7D93D5B4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F26AE3A9-F57D-41D7-8B90-23E4CEFF8532"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF4C2C27-E015-4481-8D0F-05D8692D89B5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB48A845-E183-493A-BF4E-AE919BD50D88"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:4.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C9BB8F5-997E-4D2D-A859-FDC23D4AD28C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:4.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1A7E9AE-64B8-475A-8914-1D3BFD79841A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48ACDEF6-BAB4-4114-8034-15D58A1572CD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAC58C2C-15B3-4CDD-A320-24D54F12BB72"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDA8D184-1148-476D-9C35-0D2ED6B324EB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B08598EC-5065-4497-80E6-43F145ACB1EA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CAFA481-6CA8-4E74-9AEF-A497E23597AF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF3D3EA0-5EA3-4252-BA51-E149BE3F2AAB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
