Details of VAR-201402-0202

ID

VAR-201402-0202

CVE

CVE-2014-0724

TITLE

Cisco Unified Communications Manager Vulnerabilities that bypass authentication in the bulk management interface

Trust: 0.8

sources: JVNDB: JVNDB-2014-001398

DESCRIPTION

The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. An attacker can exploit this issue to view arbitrary files from the local filesystem within the context of the affected application. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCum05340. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. There are security vulnerabilities in the bulk management interface of CUCM 10.0(1) and earlier versions

Trust: 1.98

sources: NVD: CVE-2014-0724 // JVNDB: JVNDB-2014-001398 // BID: 65497 // VULHUB: VHN-68217

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0\(1\)	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	0	Trust: 0.3

sources: BID: 65497 // JVNDB: JVNDB-2014-001398 // CNNVD: CNNVD-201402-151 // NVD: CVE-2014-0724

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0724
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0724
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-151
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68217
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0724
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68217
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68217 // JVNDB: JVNDB-2014-001398 // CNNVD: CNNVD-201402-151 // NVD: CVE-2014-0724

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-68217 // JVNDB: JVNDB-2014-001398 // NVD: CVE-2014-0724

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-151

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201402-151

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001398

PATCH

title:	Cisco Unified Communications Manager Arbitrary File Read Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724	Trust: 0.8
title:	32825	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32825	Trust: 0.8

sources: JVNDB: JVNDB-2014-001398

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0724	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001398	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-151	Trust: 0.7
db:	CISCO	id:	20140211 CISCO UNIFIED COMMUNICATIONS MANAGER ARBITRARY FILE READ VULNERABILITY	Trust: 0.6
db:	BID	id:	65497	Trust: 0.4
db:	VULHUB	id:	VHN-68217	Trust: 0.1

sources: VULHUB: VHN-68217 // BID: 65497 // JVNDB: JVNDB-2014-001398 // CNNVD: CNNVD-201402-151 // NVD: CVE-2014-0724

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0724	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32825	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0724	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0724	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68217 // BID: 65497 // JVNDB: JVNDB-2014-001398 // CNNVD: CNNVD-201402-151 // NVD: CVE-2014-0724

CREDITS

Cisco

Trust: 0.3

sources: BID: 65497

SOURCES

db:	VULHUB	id:	VHN-68217
db:	BID	id:	65497
db:	JVNDB	id:	JVNDB-2014-001398
db:	CNNVD	id:	CNNVD-201402-151
db:	NVD	id:	CVE-2014-0724

LAST UPDATE DATE

2024-11-23T23:05:48.233000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68217	date:	2014-02-13T00:00:00
db:	BID	id:	65497	date:	2014-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-001398	date:	2014-02-14T00:00:00
db:	CNNVD	id:	CNNVD-201402-151	date:	2014-03-10T00:00:00
db:	NVD	id:	CVE-2014-0724	date:	2024-11-21T02:02:41.593

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68217	date:	2014-02-13T00:00:00
db:	BID	id:	65497	date:	2014-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-001398	date:	2014-02-14T00:00:00
db:	CNNVD	id:	CNNVD-201402-151	date:	2014-02-17T00:00:00
db:	NVD	id:	CVE-2014-0724	date:	2014-02-13T05:24:51.527