ID
VAR-201401-0338
CVE
CVE-2014-0674
TITLE
Cisco Video Surveillance Operations Manager Vulnerability in which important information is obtained
Trust: 0.8
DESCRIPTION
Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCud10992. Cisco Video Surveillance Operations Manager (VSOM) is an enterprise-level video configuration and management solution from Cisco. This solution can provide secure configuration and management for web portal video, media server instances, cameras, etc. in the IP network
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | cisco | model: | video surveillance operations manager | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | cisco | model: | video surveillance operations manager | scope: | eq | version: | 7.0 | Trust: 0.8 |
| vendor: | cisco | model: | video surveillance operations manager software | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-287 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
authorization issue
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0674 | Trust: 0.8 |
| title: | 32554 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=32554 | Trust: 0.8 |
| title: | Cisco: Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20140124-CVE-2014-0674 | Trust: 0.1 |
| title: | Debian CVElist Bug Report Logs: freetype: various new security issues | url: | https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=636bf773a13d57250ab124c78ea7a3dd | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-0674 | Trust: 2.9 |
| db: | BID | id: | 65111 | Trust: 1.5 |
| db: | SECTRACK | id: | 1029692 | Trust: 1.2 |
| db: | OSVDB | id: | 102409 | Trust: 1.2 |
| db: | SECUNIA | id: | 56619 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2014-001241 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201401-508 | Trust: 0.7 |
| db: | CISCO | id: | 20140123 CISCO VIDEO SURVEILLANCE OPERATIONS MANAGER MYSQL DATABASE INSUFFICIENT AUTHENTICATION CONTROLS | Trust: 0.6 |
| db: | VULHUB | id: | VHN-68167 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2014-0674 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0674 | Trust: 1.8 |
| url: | http://www.securityfocus.com/bid/65111 | Trust: 1.2 |
| url: | http://osvdb.org/102409 | Trust: 1.2 |
| url: | http://www.securitytracker.com/id/1029692 | Trust: 1.2 |
| url: | http://secunia.com/advisories/56619 | Trust: 1.2 |
| url: | http://www.ubuntu.com/usn/usn-2739-1 | Trust: 1.2 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/90651 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0674 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0674 | Trust: 0.8 |
| url: | http://www.cisco.com | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/287.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140124-cve-2014-0674 | Trust: 0.1 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-68167 |
| db: | VULMON | id: | CVE-2014-0674 |
| db: | BID | id: | 65111 |
| db: | JVNDB | id: | JVNDB-2014-001241 |
| db: | CNNVD | id: | CNNVD-201401-508 |
| db: | NVD | id: | CVE-2014-0674 |
LAST UPDATE DATE
2024-11-23T23:12:47.745000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-68167 | date: | 2017-08-29T00:00:00 |
| db: | VULMON | id: | CVE-2014-0674 | date: | 2017-08-29T00:00:00 |
| db: | BID | id: | 65111 | date: | 2014-01-25T00:33:00 |
| db: | JVNDB | id: | JVNDB-2014-001241 | date: | 2014-01-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-508 | date: | 2014-01-26T00:00:00 |
| db: | NVD | id: | CVE-2014-0674 | date: | 2024-11-21T02:02:38.263 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-68167 | date: | 2014-01-24T00:00:00 |
| db: | VULMON | id: | CVE-2014-0674 | date: | 2014-01-24T00:00:00 |
| db: | BID | id: | 65111 | date: | 2014-01-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-001241 | date: | 2014-01-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-508 | date: | 2014-01-26T00:00:00 |
| db: | NVD | id: | CVE-2014-0674 | date: | 2014-01-24T04:38:09.667 |