exploitDog

CVE-2014-3314

Опубликовано: 14 янв. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:android:*:*

Конфигурация 2

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:macos:*:*

EPSS

Процентиль: 57%

0.00354

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-mjm7-2w76-w36q

github

больше 3 лет назад

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.

EPSS

Процентиль: 57%

0.00354

Низкий

5 Medium

CVSS2

Дефекты

CWE-20