CVE-2014-2138
Published Apr 2, 2014
Last updated 11 years ago
Overview
- Description
- CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_manager:*:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37213FD2-3F3C-4338-8E76-8FE0B7CFEF28",
"versionEndIncluding": "4.2"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F831EEB-A499-4C76-A085-52F3D750E0FD"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "921F93B3-84A8-471B-9A3A-780C76BA3685"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADDFAFD3-DEC0-4C6E-BE75-921286A3B2FF"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2F46134-691C-4B96-87EE-6977E49905CD"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D01CF39F-7492-4DB1-8EB7-01879EB8B6FF"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "684784EB-A61E-4FBE-AC5F-AE7E69BD60A5"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7061A26C-4BC0-4466-99FE-60620BA45629"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3EAAD49-6786-4E0A-B9E1-C3D0BD061132"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CA1A1A1-7D11-4627-B21B-986ED17052DF"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D78BB8AD-03A2-4B49-907D-A9E569D20F10"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F119D84-BFDB-4B8F-A562-9FD435D6AA0D"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACE44650-A39C-4CCE-B6C1-6BB8AF2C4561"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.2.2:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB734AB4-510F-4664-8AE8-245C01081FE0"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "464B6C02-500C-4047-AC5C-FFF8B4FE0339"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16E3E0D8-EEFD-40A2-BEAA-0726D9A6AAC8"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A88FE587-12D2-4164-8EBC-0BD5A24B33FB"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "869F6480-DEFA-4470-8F09-373544056ECA"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EEF0D9F6-5768-4E90-B025-FE5D7D93D5B4"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F26AE3A9-F57D-41D7-8B90-23E4CEFF8532"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF4C2C27-E015-4481-8D0F-05D8692D89B5"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:3.3.1:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB48A845-E183-493A-BF4E-AE919BD50D88"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C9BB8F5-997E-4D2D-A859-FDC23D4AD28C"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1A7E9AE-64B8-475A-8914-1D3BFD79841A"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48ACDEF6-BAB4-4114-8034-15D58A1572CD"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAC58C2C-15B3-4CDD-A320-24D54F12BB72"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.0.1:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDA8D184-1148-476D-9C35-0D2ED6B324EB"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B08598EC-5065-4497-80E6-43F145ACB1EA"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CAFA481-6CA8-4E74-9AEF-A497E23597AF"
},
{
"criteria": "cpe:2.3:a:cisco:security_manager:4.1:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF3D3EA0-5EA3-4252-BA51-E149BE3F2AAB"
}
],
"operator": "OR"
}
]
}
]