ID

VAR-201402-0210


CVE

CVE-2014-0743


TITLE

Authentication bypass vulnerability in the Certificate Authority Proxy Function component of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-001498

DESCRIPTION

The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. Cisco Unified Communications Manager is prone to a remote security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCum95468. Unified CM provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2014-0743 // JVNDB: JVNDB-2014-001498 // BID: 65789 // VULHUB: VHN-68236

AFFECTED PRODUCTS

vendor: cisco // model: unified communications manager // scope: eq // version: 10.0

Trust: 1.9

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 3.3\(5\)sr1

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)sr1

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 3.3\(5\)sr2a

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)sr4

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)sr3

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 3.3\(5\)

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)sr2

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.1

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.3

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.2

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.3

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.3sr2b

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: lte // version: 10.0\(1\)

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.3sr1

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.3sr2

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: lte // version: 10.0(1)

Trust: 0.8

vendor: cisco // model: unified communications manager // scope: eq // version: 10.0\(1\)

Trust: 0.6

vendor: cisco // model: unified communications manager // scope: eq // version: 10.0(1)

Trust: 0.3

sources: BID: 65789 // JVNDB: JVNDB-2014-001498 // CNNVD: CNNVD-201402-428 // NVD: CVE-2014-0743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0743
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0743
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201402-428
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68236
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0743
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68236
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68236 // JVNDB: JVNDB-2014-001498 // CNNVD: CNNVD-201402-428 // NVD: CVE-2014-0743

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-68236 // JVNDB: JVNDB-2014-001498 // NVD: CVE-2014-0743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-428

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201402-428

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001498

PATCH

title: Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743

Trust: 0.8

title: 33044 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=33044

Trust: 0.8

sources: JVNDB: JVNDB-2014-001498

EXTERNAL IDS

db: NVD // id: CVE-2014-0743

Trust: 2.8

db: SECTRACK // id: 1029843

Trust: 1.1

db: JVNDB // id: JVNDB-2014-001498

Trust: 0.8

db: CNNVD // id: CNNVD-201402-428

Trust: 0.7

db: SECUNIA // id: 57147

Trust: 0.6

db: CISCO // id: 20140225 CISCO UNIFIED COMMUNICATIONS MANAGER CAPF UNAUTHENTICATED DEVICE INFORMATION UPDATE VULNERABILITY

Trust: 0.6

db: BID // id: 65789

Trust: 0.4

db: VULHUB // id: VHN-68236

Trust: 0.1

sources: VULHUB: VHN-68236 // BID: 65789 // JVNDB: JVNDB-2014-001498 // CNNVD: CNNVD-201402-428 // NVD: CVE-2014-0743

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0743

Trust: 2.0

url:http://tools.cisco.com/security/center/viewalert.x?alertid=33044

Trust: 2.0

url:http://www.securitytracker.com/id/1029843

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0743

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0743

Trust: 0.8

url:http://secunia.com/advisories/57147

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-68236 // BID: 65789 // JVNDB: JVNDB-2014-001498 // CNNVD: CNNVD-201402-428 // NVD: CVE-2014-0743

CREDITS

Cisco

Trust: 0.3

sources: BID: 65789

SOURCES

db: VULHUB // id: VHN-68236
db: BID // id: 65789
db: JVNDB // id: JVNDB-2014-001498
db: CNNVD // id: CNNVD-201402-428
db: NVD // id: CVE-2014-0743

LAST UPDATE DATE

2024-11-23T22:46:07.761000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-68236 // date: 2015-07-29T00:00:00
db: BID // id: 65789 // date: 2014-02-25T00:00:00
db: JVNDB // id: JVNDB-2014-001498 // date: 2014-02-28T00:00:00
db: CNNVD // id: CNNVD-201402-428 // date: 2014-02-28T00:00:00
db: NVD // id: CVE-2014-0743 // date: 2024-11-21T02:02:43.740

SOURCES RELEASE DATE

db: VULHUB // id: VHN-68236 // date: 2014-02-27T00:00:00
db: BID // id: 65789 // date: 2014-02-25T00:00:00
db: JVNDB // id: JVNDB-2014-001498 // date: 2014-02-28T00:00:00
db: CNNVD // id: CNNVD-201402-428 // date: 2014-02-28T00:00:00
db: NVD // id: CVE-2014-0743 // date: 2014-02-27T01:55:03.367