CVE-2014-3314
Cisco AnyConnect Secure Mobility Client - Authentication Spoofing via Host Type Verification Bypass
Title source: llmDescription
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314
Scores
EPSS
0.0109
EPSS Percentile
61.3%
Details
CWE
CWE-20
Status
published
Products (1)
cisco/anyconnect_secure_mobility_client
(2 CPE variants)
Published
Jan 14, 2015
Tracked Since
Feb 18, 2026