ID

VAR-201402-0205


CVE

CVE-2014-0727


TITLE

Cisco Unified Communications Manager CMIVR Interface SQL Injection Vulnerability

Trust: 0.9

sources: BID: 65516 // CNNVD: CNNVD-201402-154

DESCRIPTION

SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. A successful exploit may allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component of Cisco's unified communications system. It provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 2.07

sources: NVD: CVE-2014-0727 // JVNDB: JVNDB-2014-001401 // BID: 65516 // VULHUB: VHN-68220 // VULMON: CVE-2014-0727

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 1.4

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

sources: JVNDB: JVNDB-2014-001401 // CNNVD: CNNVD-201402-154 // NVD: CVE-2014-0727

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0727
value: HIGH

Trust: 1.0

NVD: CVE-2014-0727
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201402-154
value: HIGH

Trust: 0.6

VULHUB: VHN-68220
value: HIGH

Trust: 0.1

VULMON: CVE-2014-0727
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0727
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-68220
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68220 // VULMON: CVE-2014-0727 // JVNDB: JVNDB-2014-001401 // CNNVD: CNNVD-201402-154 // NVD: CVE-2014-0727

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-68220 // JVNDB: JVNDB-2014-001401 // NVD: CVE-2014-0727

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-154

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201402-154

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001401

PATCH

title: Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727

Trust: 0.8

title: Cisco: Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20140212-CVE-2014-0727

Trust: 0.1

sources: VULMON: CVE-2014-0727 // JVNDB: JVNDB-2014-001401

EXTERNAL IDS

db: NVD, id: CVE-2014-0727

Trust: 2.9

db: BID, id: 65516

Trust: 1.5

db: OSVDB, id: 103219

Trust: 1.2

db: XF, id: 91068

Trust: 0.8

db: JVNDB, id: JVNDB-2014-001401

Trust: 0.8

db: CNNVD, id: CNNVD-201402-154

Trust: 0.7

db: CISCO, id: 20140212 CISCO UNIFIED COMMUNICATIONS MANAGER CMIVR BLIND SQL INJECTION VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-68220

Trust: 0.1

db: VULMON, id: CVE-2014-0727

Trust: 0.1

sources: VULHUB: VHN-68220 // VULMON: CVE-2014-0727 // BID: 65516 // JVNDB: JVNDB-2014-001401 // CNNVD: CNNVD-201402-154 // NVD: CVE-2014-0727

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0727

Trust: 1.8

url: http://tools.cisco.com/security/center/viewalert.x?alertid=32844

Trust: 1.8

url: http://www.securityfocus.com/bid/65516

Trust: 1.2

url: http://osvdb.org/103219

Trust: 1.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0727

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0727

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/91068

Trust: 0.8

url: http://www.cisco.com

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140212-cve-2014-0727

Trust: 0.1

sources: VULHUB: VHN-68220 // VULMON: CVE-2014-0727 // BID: 65516 // JVNDB: JVNDB-2014-001401 // CNNVD: CNNVD-201402-154 // NVD: CVE-2014-0727

CREDITS

Cisco

Trust: 0.3

sources: BID: 65516

SOURCES

db: VULHUB, id: VHN-68220
db: VULMON, id: CVE-2014-0727
db: BID, id: 65516
db: JVNDB, id: JVNDB-2014-001401
db: CNNVD, id: CNNVD-201402-154
db: NVD, id: CVE-2014-0727

LAST UPDATE DATE

2024-11-23T22:08:23.167000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-68220, date: 2015-09-16T00:00:00
db: VULMON, id: CVE-2014-0727, date: 2015-09-16T00:00:00
db: BID, id: 65516, date: 2014-02-12T00:00:00
db: JVNDB, id: JVNDB-2014-001401, date: 2014-02-14T00:00:00
db: CNNVD, id: CNNVD-201402-154, date: 2014-02-17T00:00:00
db: NVD, id: CVE-2014-0727, date: 2024-11-21T02:02:41.917

SOURCES RELEASE DATE

db: VULHUB, id: VHN-68220, date: 2014-02-13T00:00:00
db: VULMON, id: CVE-2014-0727, date: 2014-02-13T00:00:00
db: BID, id: 65516, date: 2014-02-12T00:00:00
db: JVNDB, id: JVNDB-2014-001401, date: 2014-02-14T00:00:00
db: CNNVD, id: CNNVD-201402-154, date: 2014-02-17T00:00:00
db: NVD, id: CVE-2014-0727, date: 2014-02-13T05:24:51.607