CVE-2014-2138

Name of the Vulnerable Software and Affected Versions Cisco Security Manager versions 4.2 and earlier

Description A CRLF injection issue in the web framework allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL.

Recommendations For versions 4.2 and earlier, update to a version later than 4.2 to resolve the issue. As a temporary workaround, consider restricting access to the web framework to minimize the risk of exploitation.