Cisco-SA-20141222-CVE-2014-8007

Cisco Prime Infrastructure Device Discovery Password Disclosure Vulnerability

Cisco-SA-20141222-CVE-2014-8007 · Medium · Published 11 years ago · Updated 11 years ago

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view the passwords stored for device discovery. The vulnerability occurs because the Quick Discovery options page contains the stored password in the HMTL page source. An attacker could exploit this vulnerability by inspecting the HTML source of the page. Proof-of-concept code that exploits this vulnerability is publicly available. Cisco has confirmed the vulnerability and released updated software. To exploit this vulnerability, the attacker must have authenticated access to the affected device. This access requirement decreases the likelihood of a successful exploit.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEs	CVE-2014-8007
Cisco Bug IDs	CSCum00019
CVSS Score	Base 4.0 Base 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
Product Names From Source	Cisco Prime Infrastructure

CSAF Product Statuses

Product	Status	Source	CVE	Rows
Cisco Prime Infrastructure	known_affected	cisco_csaf	CVE-2014-8007	1

Related Products

Product	CVE	Evidence
Cisco Prime Infrastructure	CVE-2014-8007	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Prime Infrastructure Device Discovery Password Disclosure Vulnerability

Workarounds

CSAF Product Statuses

Related Products