VAR-201408-0166
Vulnerability from variot - Updated: 2025-04-13 23:42The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503. Vendors have confirmed this vulnerability Bug ID CSCuq31503 It is released as.Skillfully crafted by a third party URL There is a possibility to change the product through. Attackers can exploit this issue to make changes to the affected system and bypass security restrictions. This issue is being tracked by Cisco Bug ID CSCuq31503
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "transport gateway installation software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "transport gateway for smart call home",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-437"
},
{
"db": "NVD",
"id": "CVE-2014-3345"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:transport_gateway_installation_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "69442"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3345",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3345",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-71285",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3345",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3345",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-437",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71285",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71285"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-437"
},
{
"db": "NVD",
"id": "CVE-2014-3345"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503. Vendors have confirmed this vulnerability Bug ID CSCuq31503 It is released as.Skillfully crafted by a third party URL There is a possibility to change the product through. \nAttackers can exploit this issue to make changes to the affected system and bypass security restrictions. \nThis issue is being tracked by Cisco Bug ID CSCuq31503",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3345"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
},
{
"db": "BID",
"id": "69442"
},
{
"db": "VULHUB",
"id": "VHN-71285"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3345",
"trust": 2.8
},
{
"db": "BID",
"id": "69442",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1030774",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60391",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003989",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-437",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-71285",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71285"
},
{
"db": "BID",
"id": "69442"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-437"
},
{
"db": "NVD",
"id": "CVE-2014-3345"
}
]
},
"id": "VAR-201408-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71285"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:42:06.722000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Transport Gateway for Smart Call Home Unauthorized Configuration Change Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3345"
},
{
"title": "35468",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35468"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71285"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
},
{
"db": "NVD",
"id": "CVE-2014-3345"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3345"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35468"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/69442"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030774"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60391"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95589"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3345"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3345"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71285"
},
{
"db": "BID",
"id": "69442"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-437"
},
{
"db": "NVD",
"id": "CVE-2014-3345"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71285"
},
{
"db": "BID",
"id": "69442"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-437"
},
{
"db": "NVD",
"id": "CVE-2014-3345"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-71285"
},
{
"date": "2014-08-28T00:00:00",
"db": "BID",
"id": "69442"
},
{
"date": "2014-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003989"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-437"
},
{
"date": "2014-08-28T23:55:05.483000",
"db": "NVD",
"id": "CVE-2014-3345"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-71285"
},
{
"date": "2014-08-28T00:00:00",
"db": "BID",
"id": "69442"
},
{
"date": "2014-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003989"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-437"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3345"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-437"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Transport Gateway for Smart Call Home of Web Vulnerability to change products in the framework",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003989"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-437"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…