Sign-up

ID

VAR-201402-0203


CVE

CVE-2014-0725


TITLE

Cisco Unified Communications Manager Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-001399

DESCRIPTION

Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCum05337. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A remote attacker could exploit this vulnerability to obtain sensitive information

Trust: 1.98

sources: NVD: CVE-2014-0725 // JVNDB: JVNDB-2014-001399 // BID: 65518 // VULHUB: VHN-68218

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:lteversion:10.0(1)

Trust: 0.8

vendor:ciscomodel:unified communications managerscope: - version: -

Trust: 0.6

sources: JVNDB: JVNDB-2014-001399 // CNNVD: CNNVD-201402-152 // NVD: CVE-2014-0725

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0725
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0725
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201402-152
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68218
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0725
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68218
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68218 // JVNDB: JVNDB-2014-001399 // CNNVD: CNNVD-201402-152 // NVD: CVE-2014-0725

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-68218 // JVNDB: JVNDB-2014-001399 // NVD: CVE-2014-0725

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-152

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201402-152

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001399

PATCH
title:Cisco Unified Communications Manager WAR File Availability Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725
Trust: 0.8
title:32845url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32845
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001399

EXTERNAL IDS
db:NVDid:CVE-2014-0725
Trust: 2.8
db:JVNDBid:JVNDB-2014-001399
Trust: 0.8
db:CNNVDid:CNNVD-201402-152
Trust: 0.7
db:CISCOid:20140212 CISCO UNIFIED COMMUNICATIONS MANAGER WAR FILE AVAILABILITY VULNERABILITY
Trust: 0.6
db:BIDid:65518
Trust: 0.4
db:VULHUBid:VHN-68218
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68218 // 
            
            
            
            BID: 65518 // 
            
            
            
            JVNDB: JVNDB-2014-001399 // 
            
            
            
            CNNVD: CNNVD-201402-152 // 
            
            
            
            NVD: CVE-2014-0725

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0725
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0725
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0725
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps7060/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-68218 // 
            
            
            
            BID: 65518 // 
            
            
            
            JVNDB: JVNDB-2014-001399 // 
            
            
            
            CNNVD: CNNVD-201402-152 // 
            
            
            
            NVD: CVE-2014-0725

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 65518

SOURCES
db:VULHUBid:VHN-68218
db:BIDid:65518
db:JVNDBid:JVNDB-2014-001399
db:CNNVDid:CNNVD-201402-152
db:NVDid:CVE-2014-0725

LAST UPDATE DATE
2024-11-23T23:02:50.229000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68218date:2014-02-13T00:00:00
db:BIDid:65518date:2014-02-17T01:26:00
db:JVNDBid:JVNDB-2014-001399date:2014-02-14T00:00:00
db:CNNVDid:CNNVD-201402-152date:2014-02-17T00:00:00
db:NVDid:CVE-2014-0725date:2024-11-21T02:02:41.707

SOURCES RELEASE DATE
db:VULHUBid:VHN-68218date:2014-02-13T00:00:00
db:BIDid:65518date:2014-02-12T00:00:00
db:JVNDBid:JVNDB-2014-001399date:2014-02-14T00:00:00
db:CNNVDid:CNNVD-201402-152date:2014-02-17T00:00:00
db:NVDid:CVE-2014-0725date:2014-02-13T05:24:51.557