Vulnerability Details : CVE-2014-2116
Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2014-2116
Probability of exploitation activity in the next 30 days: 0.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-2116
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-2116
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2116
-
http://www.securitytracker.com/id/1030019
Cisco Emergency Responder Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, Opern Attacks - SecurityTracker
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=33641
Cisco Emergency Responder Dynamic Content Modification VulnerabilityVendor Advisory
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116
Cisco Emergency Responder Dynamic Content Modification VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/66632
Cisco Emergency Responder CVE-2014-2116 Multiple Cross Site Scripting Vulnerabilities
Products affected by CVE-2014-2116
- cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*