CVE-2014-3314

EPSS 0.35%
Veröffentlicht 14.01.2015 19:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Anyconnect Secure Mobility Client SwPlatformandroid

Cisco ≫ Anyconnect Secure Mobility Client SwPlatformmacos

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.547

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-3314

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3314

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3314

EUVD