CVE-2014-0671
CVE-2014-0671 is a medium-severity vulnerability in Cisco Mediasense with a CVSS 2.0 base score of 5.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.8)
- EPSS exploit prediction: 2% (81st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Cisco Mediasense
- Published:
- Last modified:
Description
Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749.
Frequently asked questions
- What is CVE-2014-0671?
- Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749.
- How severe is CVE-2014-0671?
- CVE-2014-0671 has a CVSS 2.0 base score of 5.8, rated medium severity.
- Is CVE-2014-0671 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (81st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-0671?
- CVE-2014-0671 affects Cisco Mediasense. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2014-0671?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2014-0671 published?
- CVE-2014-0671 was published on 2014-01-22 and last updated on 2026-06-17.
References
- http://osvdb.org/102341
- http://secunia.com/advisories/56544
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0671
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32517
- http://www.securityfocus.com/bid/65055
- http://www.securitytracker.com/id/1029669
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90617
Affected products (1)
- cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*
More vulnerabilities in Cisco Mediasense
- CVE-2017-12337 — Critical (CVSS 9.8): A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System…
- CVE-2017-6779 — High (CVSS 7.5): Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco…
- CVE-2015-0736 — Medium (CVSS 6.8): Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to…
- CVE-2013-5502 — Medium (CVSS 5.0): The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows…
- CVE-2014-0670 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers…
- CVE-2013-5501 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject…
All CVEs affecting Cisco Mediasense →
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →