CVE-2014-3314
Description
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.354
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2014-3314,CVE-2021-1258 are affected in Cisco AnyConnect Secure Mobility Client For Windows 4.9.03047 | Windows |
| Vulnerabilities CVE-2014-3314 are affected in Cisco AnyConnect Secure Mobility Client for Mac 4.8.03651 | Mac |
| Vulnerabilities CVE-2014-3314 are affected in Cisco AnyConnect Secure Mobility Client for Mac 4.9.03047 | Mac |
| Improper Input Validation Vulnerability (CVE-2014-3314) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-338372 | Cisco AnyConnect Secure Mobility Client (4.10.08029) (Manual Upload Required) |
| PATCH-606843 | Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029 |
| PATCH-606843 | Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234