CVE-2014-2138

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	MEDIUM
CVSS	4.3
EPSS	0.21% EPSS low
CWE	CWE-20
KEV
Published	12 years ago
Modified	2 weeks ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco Security Manager	Cisco-SA-20140401-CVE-2014-2138	structured affected CSAF product_status