Description
CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2138
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=33607
Scores
EPSS
0.0095
EPSS Percentile
57.0%
Details
CWE
CWE-20
Status
published
Products (12)
cisco/security_manager
3.0.2
cisco/security_manager
3.1
cisco/security_manager
3.1.1 (2 CPE variants)
cisco/security_manager
3.2 (3 CPE variants)
cisco/security_manager
3.2.1 (2 CPE variants)
cisco/security_manager
3.2.2 (5 CPE variants)
cisco/security_manager
3.3 (3 CPE variants)
cisco/security_manager
3.3.1 (5 CPE variants)
cisco/security_manager
4.0 (2 CPE variants)
cisco/security_manager
4.0.1 (3 CPE variants)
... and 2 more
Published
Apr 02, 2014
Tracked Since
Feb 18, 2026