CVE-2014-2138

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
02/04/2014
Last modified:
12/04/2025

Description

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cisco:security_manager:*:-:*:*:*:*:*:* 4.2 (including)
cpe:2.3:a:cisco:security_manager:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.1.1:sp3:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2:sp1:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2:sp2:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2.1:sp1:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2.2:sp1:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2.2:sp2:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2.2:sp3:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2.2:sp4:*:*:*:*:*:*