Details of VAR-201402-0200

ID

VAR-201402-0200

CVE

CVE-2014-0722

TITLE

Cisco Unified Communications Manager of log4jinit Web Service disruption in applications (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001396

DESCRIPTION

The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. Cisco Unified Communications Manager is prone to an unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access to affected application. This may aid in generating activity within the application resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCum05347. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-0722 // JVNDB: JVNDB-2014-001396 // BID: 65494 // VULHUB: VHN-68215

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 65494 // JVNDB: JVNDB-2014-001396 // CNNVD: CNNVD-201402-149 // NVD: CVE-2014-0722

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0722
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0722
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-149
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68215
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0722
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68215
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68215 // JVNDB: JVNDB-2014-001396 // CNNVD: CNNVD-201402-149 // NVD: CVE-2014-0722

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-68215 // JVNDB: JVNDB-2014-001396 // NVD: CVE-2014-0722

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-149

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201402-149

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001396

PATCH

title:	Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722	Trust: 0.8
title:	32823	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32823	Trust: 0.8

sources: JVNDB: JVNDB-2014-001396

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0722	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001396	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-149	Trust: 0.7
db:	CISCO	id:	20140211 CISCO UNIFIED COMMUNICATIONS MANAGER UNAUTHENTICATED LOG4JINIT ACCESS VULNERABILITY	Trust: 0.6
db:	BID	id:	65494	Trust: 0.4
db:	VULHUB	id:	VHN-68215	Trust: 0.1

sources: VULHUB: VHN-68215 // BID: 65494 // JVNDB: JVNDB-2014-001396 // CNNVD: CNNVD-201402-149 // NVD: CVE-2014-0722

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0722	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0722	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0722	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32823	Trust: 0.3

sources: VULHUB: VHN-68215 // BID: 65494 // JVNDB: JVNDB-2014-001396 // CNNVD: CNNVD-201402-149 // NVD: CVE-2014-0722

CREDITS

Cisco

Trust: 0.3

sources: BID: 65494

SOURCES

db:	VULHUB	id:	VHN-68215
db:	BID	id:	65494
db:	JVNDB	id:	JVNDB-2014-001396
db:	CNNVD	id:	CNNVD-201402-149
db:	NVD	id:	CVE-2014-0722

LAST UPDATE DATE

2024-11-23T23:09:54.201000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68215	date:	2014-02-13T00:00:00
db:	BID	id:	65494	date:	2014-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-001396	date:	2014-02-14T00:00:00
db:	CNNVD	id:	CNNVD-201402-149	date:	2014-02-17T00:00:00
db:	NVD	id:	CVE-2014-0722	date:	2024-11-21T02:02:41.383

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68215	date:	2014-02-13T00:00:00
db:	BID	id:	65494	date:	2014-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-001396	date:	2014-02-14T00:00:00
db:	CNNVD	id:	CNNVD-201402-149	date:	2014-02-17T00:00:00
db:	NVD	id:	CVE-2014-0722	date:	2014-02-13T05:24:51.450