Sign-up

ID

VAR-201402-0193


CVE

CVE-2014-0686


TITLE

Cisco Unified Communications Manager Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2014-001308

DESCRIPTION

Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. Vendors have confirmed this vulnerability Bug ID CSCul24917 and CSCul24908 It is released as.Authority may be obtained by using incorrect file permissions by local users. A local attacker can exploit this issue to gain escalated privileges. Very limited information is currently available regarding this issue. We will update this BID as more information emerges. This issue is being tracked by Cisco Bug ID's CSCul24917 and CSCul24908. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-0686 // JVNDB: JVNDB-2014-001308 // BID: 65281 // VULHUB: VHN-68179

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:9.1\(2\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:9.1\(1\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:lteversion:9.1\(2.10000.28\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:lteversion:9.1 (2.10000.28)

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:9.1\(2.10000.28\)

Trust: 0.6

sources: JVNDB: JVNDB-2014-001308 // CNNVD: CNNVD-201402-027 // NVD: CVE-2014-0686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0686
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0686
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201402-027
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68179
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0686
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68179
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68179 // JVNDB: JVNDB-2014-001308 // CNNVD: CNNVD-201402-027 // NVD: CVE-2014-0686

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-68179 // JVNDB: JVNDB-2014-001308 // NVD: CVE-2014-0686

THREAT TYPE

local

Trust: 0.9

sources: BID: 65281 // CNNVD: CNNVD-201402-027

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201402-027

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001308

PATCH
title:Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686
Trust: 0.8
title:32683url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32683
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001308

EXTERNAL IDS
db:NVDid:CVE-2014-0686
Trust: 2.8
db:BIDid:65281
Trust: 1.4
db:SECUNIAid:56818
Trust: 1.1
db:OSVDBid:102750
Trust: 1.1
db:JVNDBid:JVNDB-2014-001308
Trust: 0.8
db:CNNVDid:CNNVD-201402-027
Trust: 0.7
db:CISCOid:20140131 CISCO UNIFIED COMMUNICATIONS MANAGER OPERATING SYSTEM-LEVEL PRIVILEGE ESCALATION VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-68179
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68179 // 
            
            
            
            BID: 65281 // 
            
            
            
            JVNDB: JVNDB-2014-001308 // 
            
            
            
            CNNVD: CNNVD-201402-027 // 
            
            
            
            NVD: CVE-2014-0686

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0686
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32683
Trust: 1.7
url:http://www.securityfocus.com/bid/65281
Trust: 1.1
url:http://osvdb.org/102750
Trust: 1.1
url:http://secunia.com/advisories/56818
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90852
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0686
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0686
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps7060/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-68179 // 
            
            
            
            BID: 65281 // 
            
            
            
            JVNDB: JVNDB-2014-001308 // 
            
            
            
            CNNVD: CNNVD-201402-027 // 
            
            
            
            NVD: CVE-2014-0686

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 65281

SOURCES
db:VULHUBid:VHN-68179
db:BIDid:65281
db:JVNDBid:JVNDB-2014-001308
db:CNNVDid:CNNVD-201402-027
db:NVDid:CVE-2014-0686

LAST UPDATE DATE
2024-11-23T21:55:27.905000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68179date:2018-01-03T00:00:00
db:BIDid:65281date:2014-02-05T00:54:00
db:JVNDBid:JVNDB-2014-001308date:2014-03-05T00:00:00
db:CNNVDid:CNNVD-201402-027date:2014-02-08T00:00:00
db:NVDid:CVE-2014-0686date:2024-11-21T02:02:39.650

SOURCES RELEASE DATE
db:VULHUBid:VHN-68179date:2014-02-04T00:00:00
db:BIDid:65281date:2014-01-31T00:00:00
db:JVNDBid:JVNDB-2014-001308date:2014-02-05T00:00:00
db:CNNVDid:CNNVD-201402-027date:2014-02-08T00:00:00
db:NVDid:CVE-2014-0686date:2014-02-04T05:39:08.480