Details of VAR-201401-0330

ID

VAR-201401-0330

CVE

CVE-2014-0666

TITLE

Windows Run on Cisco Jabber of Send Screen Capture Implementation of directory traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001193

DESCRIPTION

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056. An attacker can exploit this issue to execute arbitrary code on the Windows machine with the privileges of the installed application. This issue is being tracked by Cisco bug ID CSCug48056. The program provides online status display, instant messaging, voice and other functions

Trust: 1.98

sources: NVD: CVE-2014-0666 // JVNDB: JVNDB-2014-001193 // BID: 64965 // VULHUB: VHN-68159

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber	scope:	eq	version:	9.1\(.0\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.0\(.0\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.0\(.2\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.1\(.1\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.0\(.1\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.0\(.5\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.0\(.3\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.0\(.4\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	9.2	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	eq	version:	9.1\(.5\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lte	version:	9.2\(.1\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	eq	version:	9.1\(.2\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	eq	version:	9.1\(.4\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	eq	version:	9.1\(.3\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	eq	version:	9.2\(.0\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lte	version:	for windows 9.2(.1)	Trust: 0.8

sources: JVNDB: JVNDB-2014-001193 // CNNVD: CNNVD-201401-351 // NVD: CVE-2014-0666

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0666
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0666
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201401-351
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68159
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0666
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68159
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68159 // JVNDB: JVNDB-2014-001193 // CNNVD: CNNVD-201401-351 // NVD: CVE-2014-0666

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-68159 // JVNDB: JVNDB-2014-001193 // NVD: CVE-2014-0666

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-351

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201401-351

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001193

PATCH

title:	Cisco Jabber for Windows Remote Code Execution Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666	Trust: 0.8
title:	32451	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32451	Trust: 0.8

sources: JVNDB: JVNDB-2014-001193

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0666	Trust: 2.8
db:	SECUNIA	id:	56331	Trust: 1.7
db:	BID	id:	64965	Trust: 1.4
db:	OSVDB	id:	102122	Trust: 1.1
db:	SECTRACK	id:	1029635	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001193	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-351	Trust: 0.7
db:	CISCO	id:	20140115 CISCO JABBER FOR WINDOWS REMOTE CODE EXECUTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-68159	Trust: 0.1

sources: VULHUB: VHN-68159 // BID: 64965 // JVNDB: JVNDB-2014-001193 // CNNVD: CNNVD-201401-351 // NVD: CVE-2014-0666

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0666	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32451	Trust: 1.7
url:	http://secunia.com/advisories/56331	Trust: 1.7
url:	http://www.securityfocus.com/bid/64965	Trust: 1.1
url:	http://osvdb.org/102122	Trust: 1.1
url:	http://www.securitytracker.com/id/1029635	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90435	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0666	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0666	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68159 // BID: 64965 // JVNDB: JVNDB-2014-001193 // CNNVD: CNNVD-201401-351 // NVD: CVE-2014-0666

CREDITS

Cisco

Trust: 0.3

sources: BID: 64965

SOURCES

db:	VULHUB	id:	VHN-68159
db:	BID	id:	64965
db:	JVNDB	id:	JVNDB-2014-001193
db:	CNNVD	id:	CNNVD-201401-351
db:	NVD	id:	CVE-2014-0666

LAST UPDATE DATE

2024-11-23T22:31:21.433000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68159	date:	2017-08-29T00:00:00
db:	BID	id:	64965	date:	2014-01-16T05:23:00
db:	JVNDB	id:	JVNDB-2014-001193	date:	2014-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201401-351	date:	2014-01-22T00:00:00
db:	NVD	id:	CVE-2014-0666	date:	2024-11-21T02:02:37.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68159	date:	2014-01-16T00:00:00
db:	BID	id:	64965	date:	2014-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-001193	date:	2014-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201401-351	date:	2014-01-22T00:00:00
db:	NVD	id:	CVE-2014-0666	date:	2014-01-16T19:55:04.730