Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8021

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-8021
Last Modified 17 Feb 2015 11:50:19
Published 03 Feb 2015 05:59:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8021

Summary

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.

Vulnerable Systems

Application

  • Cisco Anyconnect Secure Mobility Client 3.1%28.02043%29

  • Cisco Anyconnect Secure Mobility Client 3.1.02043

  • Cisco Hostscan Engine 3.1%28.05183%29

  • Cisco Hostscan Engine 3.1.05183


References

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=37323

CISCO - 20150202 Cisco AnyConnect and Cisco Host Scan Web Launch Cross-Site Scripting Vulnerability

BID - 72475


Last Updated: 27 May 2016 11:07:49