ID

VAR-201402-0207


CVE

CVE-2014-0729


TITLE

SQL injection vulnerability in the Enterprise Mobility Application interface of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-001403

DESCRIPTION

SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302. A successful exploit may allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCum05302. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is the call processing component of Cisco's unified communications system. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2014-0729 // JVNDB: JVNDB-2014-001403 // BID: 65501 // VULHUB: VHN-68222

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lte, version: 10.0(1)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2014-001403 // CNNVD: CNNVD-201402-156 // NVD: CVE-2014-0729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0729
value: HIGH

Trust: 1.0

NVD: CVE-2014-0729
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201402-156
value: HIGH

Trust: 0.6

VULHUB: VHN-68222
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0729
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68222
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68222 // JVNDB: JVNDB-2014-001403 // CNNVD: CNNVD-201402-156 // NVD: CVE-2014-0729

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-68222 // JVNDB: JVNDB-2014-001403 // NVD: CVE-2014-0729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-156

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201402-156

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001403

PATCH

title: Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729

Trust: 0.8

title: 32835, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=32835

Trust: 0.8

sources: JVNDB: JVNDB-2014-001403

EXTERNAL IDS

db: NVD, id: CVE-2014-0729

Trust: 2.8

db: BID, id: 65501

Trust: 1.4

db: OSVDB, id: 103220

Trust: 1.1

db: JVNDB, id: JVNDB-2014-001403

Trust: 0.8

db: CNNVD, id: CNNVD-201402-156

Trust: 0.7

db: CISCO, id: 20140211 CISCO UNIFIED COMMUNICATIONS MANAGER ENTERPRISE MOBILITY APPLICATION BLIND SQL INJECTION VULNERABILITY

Trust: 0.6

db: SECUNIA, id: 56919

Trust: 0.6

db: VULHUB, id: VHN-68222

Trust: 0.1

sources: VULHUB: VHN-68222 // BID: 65501 // JVNDB: JVNDB-2014-001403 // CNNVD: CNNVD-201402-156 // NVD: CVE-2014-0729

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0729

Trust: 1.7

url:http://www.securityfocus.com/bid/65501

Trust: 1.1

url:http://osvdb.org/103220

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0729

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0729

Trust: 0.8

url:http://secunia.com/advisories/56919

Trust: 0.6

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-68222 // BID: 65501 // JVNDB: JVNDB-2014-001403 // CNNVD: CNNVD-201402-156 // NVD: CVE-2014-0729

CREDITS

Cisco

Trust: 0.3

sources: BID: 65501

SOURCES

db: VULHUB, id: VHN-68222
db: BID, id: 65501
db: JVNDB, id: JVNDB-2014-001403
db: CNNVD, id: CNNVD-201402-156
db: NVD, id: CVE-2014-0729

LAST UPDATE DATE

2024-11-23T22:49:32.432000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-68222, date: 2015-08-05T00:00:00
db: BID, id: 65501, date: 2014-02-17T01:26:00
db: JVNDB, id: JVNDB-2014-001403, date: 2014-02-14T00:00:00
db: CNNVD, id: CNNVD-201402-156, date: 2014-02-21T00:00:00
db: NVD, id: CVE-2014-0729, date: 2024-11-21T02:02:42.130

SOURCES RELEASE DATE

db: VULHUB, id: VHN-68222, date: 2014-02-13T00:00:00
db: BID, id: 65501, date: 2014-02-11T00:00:00
db: JVNDB, id: JVNDB-2014-001403, date: 2014-02-14T00:00:00
db: CNNVD, id: CNNVD-201402-156, date: 2014-02-17T00:00:00
db: NVD, id: CVE-2014-0729, date: 2014-02-13T05:24:51.667