
CVE-2014-3289

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.


*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Medium
Authentication: None
Confidentiality: None
Integrity: Partial
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-07 CVE Reserved
  • 2014-06-10 CVE Published
  • 2024-01-21 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor      Product                                  Version   Other   Status
Cisco       Ironport Asyncos                         <= 8.0    -       Affected
  in Cisco  Web Security Appliance                   --                Affected
Cisco       Ironport Asyncos                         <= 8.3    -       Affected
  in Cisco  Content Security Management Appliance    --                Affected
Cisco       Ironport Asyncos                         8.0       -       Affected
  in Cisco  Email Security Appliance Firmware        --                Affected