Authorization Bypass in Cisco Transport Gateway for Smart Call Home
CVE-2014-3345

Currently unrated

Key Information:

Vendor: Cisco
Status: Transport Gateway Installation Software
Vendor: CVE Published:; 28 August 2014

What is CVE-2014-3345?

The Cisco Transport Gateway for Smart Call Home 4.0 is impacted by an authorization bypass vulnerability that enables remote attackers to modify the product's configuration. This occurs due to improper authorization checks on administrative web pages, facilitating unauthorized access via specially crafted URLs. Organizations using this product may be susceptible to significant alterations to their system settings, potentially compromising their security framework and operational integrity.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/69442

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2014
Vulnerability Reserved
May 7, 2014