VAR-201405-0467
Vulnerability from variot - Updated: 2025-04-12 23:37Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389. Vendors have confirmed this vulnerability Bug IDs CSCuo23804 and CSCuo26389 It is released as.A third party is hijacking the authentication of any user, BAC-TW Is subject to change. Cisco Broadband Access Center (BAC) is a decentralized, strippable, signer device hypervisor that implements automated user traffic management through the provision of user services. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuo23804 and CSCuo26389. A remote attacker could exploit this vulnerability to modify BAC-TW
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0467",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "broadband access center telco wireless software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "broadband access center telco wireless software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "3.8(.0.1)"
},
{
"model": "broadband access center telco wireless",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-097"
},
{
"db": "NVD",
"id": "CVE-2014-2190"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:broadband_access_center_telco_wireless_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "67225"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2190",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-2190",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-02910",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-70129",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2190",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-2190",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-02910",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70129",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"db": "VULHUB",
"id": "VHN-70129"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-097"
},
{
"db": "NVD",
"id": "CVE-2014-2190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389. Vendors have confirmed this vulnerability Bug IDs CSCuo23804 and CSCuo26389 It is released as.A third party is hijacking the authentication of any user, BAC-TW Is subject to change. Cisco Broadband Access Center (BAC) is a decentralized, strippable, signer device hypervisor that implements automated user traffic management through the provision of user services. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nThis issue is being tracked by Cisco Bug ID CSCuo23804 and CSCuo26389. A remote attacker could exploit this vulnerability to modify BAC-TW",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2190"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
},
{
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"db": "BID",
"id": "67225"
},
{
"db": "VULHUB",
"id": "VHN-70129"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2190",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1030199",
"trust": 1.1
},
{
"db": "BID",
"id": "67225",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002409",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201405-097",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-02910",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20140506 CISCO BROADCAST ACCESS CENTER FOR TELCO AND WIRELESS CROSS-SITE REQUEST FORGERY VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70129",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"db": "VULHUB",
"id": "VHN-70129"
},
{
"db": "BID",
"id": "67225"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-097"
},
{
"db": "NVD",
"id": "CVE-2014-2190"
}
]
},
"id": "VAR-201405-0467",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"db": "VULHUB",
"id": "VHN-70129"
}
],
"trust": 1.14444445
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02910"
}
]
},
"last_update_date": "2025-04-12T23:37:04.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2190"
},
{
"title": "34146",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34146"
},
{
"title": "Patch for Cisco Broadband Access Center Telco Wireless Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/45478"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70129"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
},
{
"db": "NVD",
"id": "CVE-2014-2190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2190"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030199"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2190"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2190"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"db": "VULHUB",
"id": "VHN-70129"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-097"
},
{
"db": "NVD",
"id": "CVE-2014-2190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"db": "VULHUB",
"id": "VHN-70129"
},
{
"db": "BID",
"id": "67225"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-097"
},
{
"db": "NVD",
"id": "CVE-2014-2190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"date": "2014-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-70129"
},
{
"date": "2014-05-06T00:00:00",
"db": "BID",
"id": "67225"
},
{
"date": "2014-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002409"
},
{
"date": "2014-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-097"
},
{
"date": "2014-05-07T10:55:05.227000",
"db": "NVD",
"id": "CVE-2014-2190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02910"
},
{
"date": "2015-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-70129"
},
{
"date": "2014-05-08T07:22:00",
"db": "BID",
"id": "67225"
},
{
"date": "2014-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002409"
},
{
"date": "2014-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-097"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Telco and Wireless for Cisco Broadcast Access Center of Web Cross-site request forgery vulnerability in framework",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002409"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-097"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…