Details of VAR-201401-0363

ID

VAR-201401-0363

CVE

CVE-2014-0657

TITLE

Cisco Unified Communications Manager Unauthorized Access Vulnerability

Trust: 0.9

sources: BID: 64690 // CNNVD: CNNVD-201401-098

DESCRIPTION

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuj83540. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability is caused by the program not properly managing role permissions

Trust: 1.98

sources: NVD: CVE-2014-0657 // JVNDB: JVNDB-2014-001015 // BID: 64690 // VULHUB: VHN-68150

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3b\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3b\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4a\)su2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1b\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3d\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(4\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(1\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3e\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	9.1(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(1)	Trust: 0.3

sources: BID: 64690 // JVNDB: JVNDB-2014-001015 // CNNVD: CNNVD-201401-098 // NVD: CVE-2014-0657

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0657
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0657
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201401-098
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68150
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0657
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68150
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68150 // JVNDB: JVNDB-2014-001015 // CNNVD: CNNVD-201401-098 // NVD: CVE-2014-0657

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-68150 // JVNDB: JVNDB-2014-001015 // NVD: CVE-2014-0657

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-098

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-098

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001015

PATCH

title:	Cisco Unified Communications Manager Role Bypass Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657	Trust: 0.8
title:	32341	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32341	Trust: 0.8

sources: JVNDB: JVNDB-2014-001015

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0657	Trust: 2.8
db:	BID	id:	64690	Trust: 2.0
db:	OSVDB	id:	101800	Trust: 1.1
db:	SECTRACK	id:	1029571	Trust: 1.1
db:	SECUNIA	id:	56368	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001015	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-098	Trust: 0.7
db:	CISCO	id:	20140107 CISCO UNIFIED COMMUNICATIONS MANAGER ROLE BYPASS VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-68150	Trust: 0.1

sources: VULHUB: VHN-68150 // BID: 64690 // JVNDB: JVNDB-2014-001015 // CNNVD: CNNVD-201401-098 // NVD: CVE-2014-0657

REFERENCES

url:	http://www.securityfocus.com/bid/64690	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0657	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32341	Trust: 1.7
url:	http://osvdb.org/101800	Trust: 1.1
url:	http://www.securitytracker.com/id/1029571	Trust: 1.1
url:	http://secunia.com/advisories/56368	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90120	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0657	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0657	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps7060/index.html	Trust: 0.3

sources: VULHUB: VHN-68150 // BID: 64690 // JVNDB: JVNDB-2014-001015 // CNNVD: CNNVD-201401-098 // NVD: CVE-2014-0657

CREDITS

Cisco

Trust: 0.9

sources: BID: 64690 // CNNVD: CNNVD-201401-098

SOURCES

db:	VULHUB	id:	VHN-68150
db:	BID	id:	64690
db:	JVNDB	id:	JVNDB-2014-001015
db:	CNNVD	id:	CNNVD-201401-098
db:	NVD	id:	CVE-2014-0657

LAST UPDATE DATE

2024-11-23T23:09:54.360000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68150	date:	2017-08-29T00:00:00
db:	BID	id:	64690	date:	2014-01-09T02:01:00
db:	JVNDB	id:	JVNDB-2014-001015	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-098	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2014-0657	date:	2024-11-21T02:02:36.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68150	date:	2014-01-08T00:00:00
db:	BID	id:	64690	date:	2014-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001015	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-098	date:	2014-01-08T00:00:00
db:	NVD	id:	CVE-2014-0657	date:	2014-01-08T21:55:06.410