VAR-201408-0172
Vulnerability from variot - Updated: 2025-04-13 23:21Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801. Vendors have confirmed this vulnerability Bug ID CSCuh84801 It is released as.A third party may be able to obtain important information via a crafted packet. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCuh84801. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures. The vulnerability is due to the fact that the program does not fully verify the null session
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.3.1"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.3"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.3.2"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2008.3"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.4"
},
{
"model": "cloud portal",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2008.3"
},
{
"model": "cloud portal",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "2008.3_sp9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-471"
},
{
"db": "NVD",
"id": "CVE-2014-3352"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:cloud_portal",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "69458"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3352",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-3352",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-71292",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3352",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3352",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-471",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71292",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71292"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-471"
},
{
"db": "NVD",
"id": "CVE-2014-3352"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an \"iFrame vulnerability,\" aka Bug ID CSCuh84801. Vendors have confirmed this vulnerability Bug ID CSCuh84801 It is released as.A third party may be able to obtain important information via a crafted packet. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. \nThis issue is being tracked by Cisco BugId CSCuh84801. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures. The vulnerability is due to the fact that the program does not fully verify the null session",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3352"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
},
{
"db": "BID",
"id": "69458"
},
{
"db": "VULHUB",
"id": "VHN-71292"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3352",
"trust": 2.8
},
{
"db": "BID",
"id": "69458",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "60956",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030785",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004008",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-471",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-71292",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71292"
},
{
"db": "BID",
"id": "69458"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-471"
},
{
"db": "NVD",
"id": "CVE-2014-3352"
}
]
},
"id": "VAR-201408-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71292"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:25.515000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Intelligent Automation for Cloud iFrame Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352"
},
{
"title": "35479",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35479"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71292"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
},
{
"db": "NVD",
"id": "CVE-2014-3352"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3352"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35479"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/69458"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030785"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60956"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95605"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3352"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3352"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71292"
},
{
"db": "BID",
"id": "69458"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-471"
},
{
"db": "NVD",
"id": "CVE-2014-3352"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71292"
},
{
"db": "BID",
"id": "69458"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-471"
},
{
"db": "NVD",
"id": "CVE-2014-3352"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-71292"
},
{
"date": "2014-08-28T00:00:00",
"db": "BID",
"id": "69458"
},
{
"date": "2014-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004008"
},
{
"date": "2014-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-471"
},
{
"date": "2014-08-30T09:55:05.237000",
"db": "NVD",
"id": "CVE-2014-3352"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-71292"
},
{
"date": "2014-09-01T01:23:00",
"db": "BID",
"id": "69458"
},
{
"date": "2014-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004008"
},
{
"date": "2014-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-471"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3352"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Intelligent Automation for Cloud Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004008"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-471"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…