VAR-201501-0290
Vulnerability from variot - Updated: 2023-12-18 13:09
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuo24931 and CSCuo24940. A third party may spoof the authentication form and capture the authentication information. Cisco AnyConnect Secure Mobility Client is prone to a security vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug IDs CSCuo24931 and CSCuo24940. Cisco AnyConnect on Android and OS X is a set of Cisco VPN applications for the Android and OS X platforms that provide encrypted network connections. A security vulnerability exists in Cisco AnyConnect on the Android and OS X platforms. The vulnerability is caused by the program not validating the host type correctly. Note that the CVSS v2 vector recorded below (AV:N/AC:L/Au:N/C:N/I:P/A:N) rates only a partial integrity impact, so the 5.0 base score does not account for the possible credential capture described here.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0290",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.0 (android and os x)"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.1 (android and os x)"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "mac_os_x"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "android"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "72059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "72059"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3314",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-3314",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-71254",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3314",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71254",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuo24931 and CSCuo24940. A third party may spoof the authentication form and capture the authentication information. Cisco AnyConnect Secure Mobility Client is prone to a security vulnerability. \nAn attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nThis issue is being tracked by Cisco Bug IDs CSCuo24931 and CSCuo24940. Cisco AnyConnect on Android and OS X is a set of Cisco VPN applications for the Android and OS X platforms that provide encrypted network connections. A security vulnerability exists in Cisco AnyConnect on the Android and OS X platforms. The vulnerability is caused by the program not validating the host type correctly.",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3314"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "BID",
"id": "72059"
},
{
"db": "VULHUB",
"id": "VHN-71254"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3314",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302",
"trust": 0.7
},
{
"db": "BID",
"id": "72059",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-71254",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "BID",
"id": "72059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
]
},
"id": "VAR-201501-0290",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:09:16.777000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco AnyConnect User Interface Dialog Rendered When Connecting to Arbitrary Hosts Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3314"
},
{
"title": "37004",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37004"
},
{
"title": "Cisco AnyConnect Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118317"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3314"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3314"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3314"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/anyconnect-secure-mobility-client/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "BID",
"id": "72059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71254"
},
{
"db": "BID",
"id": "72059"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"db": "NVD",
"id": "CVE-2014-3314"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-71254"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72059"
},
{
"date": "2015-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"date": "2015-01-14T19:59:00.053000",
"db": "NVD",
"id": "CVE-2014-3314"
},
{
"date": "2015-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-71254"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72059"
},
{
"date": "2015-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007677"
},
{
"date": "2020-05-11T17:00:44.810000",
"db": "NVD",
"id": "CVE-2014-3314"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in Cisco AnyConnect running on Android and OS X in which authentication forms are spoofed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007677"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "72059"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-302"
}
],
"trust": 0.9
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.