CVE-2014-3314
UnknownEPSS 1.09%
Last modified
CVE-2014-3314 is a vulnerability of currently unknown severity. Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.. EPSS estimates a 1.09% chance of exploitation in the next 30 days.
Description
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Anyconnect Secure Mobility Client | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-3314?
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.
How severe is CVE-2014-3314?
Severity scoring for CVE-2014-3314 is pending analysis. The EPSS model estimates a 1.09% probability of exploitation in the next 30 days.
How do I fix CVE-2014-3314?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2014-3314?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST