CVE-2014-2138

Cisco Security Manager <4.2 - Code Injection

Title source: llm
STIX 2.1

Description

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.

References (2)

Core 2
Core References

Scores

EPSS 0.0095
EPSS Percentile 57.0%

Details

CWE
CWE-20
Status published
Products (12)
cisco/security_manager 3.0.2
cisco/security_manager 3.1
cisco/security_manager 3.1.1 (2 CPE variants)
cisco/security_manager 3.2 (3 CPE variants)
cisco/security_manager 3.2.1 (2 CPE variants)
cisco/security_manager 3.2.2 (5 CPE variants)
cisco/security_manager 3.3 (3 CPE variants)
cisco/security_manager 3.3.1 (5 CPE variants)
cisco/security_manager 4.0 (2 CPE variants)
cisco/security_manager 4.0.1 (3 CPE variants)
... and 2 more
Published Apr 02, 2014
Tracked Since Feb 18, 2026