Details of VAR-201402-0191

ID

VAR-201402-0191

CVE

CVE-2014-0679

TITLE

Cisco Prime Infrastructure In root Vulnerability to execute arbitrary commands with privileges

Trust: 0.8

sources: JVNDB: JVNDB-2014-001511

DESCRIPTION

Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308. An attacker can exploit this issue to execute system commands with root-level privileges. This issue being tracked by Cisco Bug ID CSCum71308

Trust: 1.98

sources: NVD: CVE-2014-0679 // JVNDB: JVNDB-2014-001511 // BID: 65816 // VULHUB: VHN-68172

AFFECTED PRODUCTS

vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2	Trust: 1.8
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.1	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2.1	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.3	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.0.45-2	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	lt	version:	2.0	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.3.0.20-2	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.0.0.0.294-2	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	lt	version:	1.4	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	lt	version:	1.3	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.3.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.0.0	Trust: 0.6

sources: JVNDB: JVNDB-2014-001511 // CNNVD: CNNVD-201402-471 // NVD: CVE-2014-0679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0679
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0679
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201402-471
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68172
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0679
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68172
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68172 // JVNDB: JVNDB-2014-001511 // CNNVD: CNNVD-201402-471 // NVD: CVE-2014-0679

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-68172 // JVNDB: JVNDB-2014-001511 // NVD: CVE-2014-0679

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-471

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 65816 // CNNVD: CNNVD-201402-471

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001511

PATCH

title:	cisco-sa-20140226-pi	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi	Trust: 0.8
title:	32703	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32703	Trust: 0.8
title:	cisco-sa-20140226-pi	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122085_cisco-sa-20140226-pi-j.html	Trust: 0.8
title:	Cisco Prime Infrastructure Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95620	Trust: 0.6

sources: JVNDB: JVNDB-2014-001511 // CNNVD: CNNVD-201402-471

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0679	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001511	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-471	Trust: 0.7
db:	BID	id:	65816	Trust: 0.4
db:	SEEBUG	id:	SSVID-61609	Trust: 0.1
db:	VULHUB	id:	VHN-68172	Trust: 0.1

sources: VULHUB: VHN-68172 // BID: 65816 // JVNDB: JVNDB-2014-001511 // CNNVD: CNNVD-201402-471 // NVD: CVE-2014-0679

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140226-pi	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0679	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0679	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68172 // BID: 65816 // JVNDB: JVNDB-2014-001511 // CNNVD: CNNVD-201402-471 // NVD: CVE-2014-0679

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 65816

SOURCES

db:	VULHUB	id:	VHN-68172
db:	BID	id:	65816
db:	JVNDB	id:	JVNDB-2014-001511
db:	CNNVD	id:	CNNVD-201402-471
db:	NVD	id:	CVE-2014-0679

LAST UPDATE DATE

2024-11-23T22:02:14.122000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68172	date:	2019-07-29T00:00:00
db:	BID	id:	65816	date:	2014-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2014-001511	date:	2014-03-03T00:00:00
db:	CNNVD	id:	CNNVD-201402-471	date:	2019-07-30T00:00:00
db:	NVD	id:	CVE-2014-0679	date:	2024-11-21T02:02:38.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68172	date:	2014-02-27T00:00:00
db:	BID	id:	65816	date:	2014-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2014-001511	date:	2014-03-03T00:00:00
db:	CNNVD	id:	CNNVD-201402-471	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-0679	date:	2014-02-27T20:55:05.130