Details of VAR-201402-0211

ID

VAR-201402-0211

CVE

CVE-2014-0745

TITLE

Cisco Unified Contact Center Express of Unified Serviceability Sub-system cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001499

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502. Vendors have confirmed this vulnerability Bug ID CSCum95502 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected user. Other attacks are also possible. This issue is being tracked by Cisco bug ID CSCum95502. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control

Trust: 1.98

sources: NVD: CVE-2014-0745 // JVNDB: JVNDB-2014-001499 // BID: 65798 // VULHUB: VHN-68238

AFFECTED PRODUCTS

vendor:	cisco	model:	unified contact center express editor software	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified contact center express	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified contact center express editor software	scope:	eq	version:	10.0(1)	Trust: 0.8

sources: JVNDB: JVNDB-2014-001499 // CNNVD: CNNVD-201402-429 // NVD: CVE-2014-0745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0745
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0745
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-429
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68238
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0745
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68238
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68238 // JVNDB: JVNDB-2014-001499 // CNNVD: CNNVD-201402-429 // NVD: CVE-2014-0745

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-68238 // JVNDB: JVNDB-2014-001499 // NVD: CVE-2014-0745

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-429

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201402-429

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001499

PATCH

title:	Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0745	Trust: 0.8
title:	33087	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33087	Trust: 0.8

sources: JVNDB: JVNDB-2014-001499

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0745	Trust: 2.8
db:	SECTRACK	id:	1029842	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001499	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-429	Trust: 0.7
db:	SECUNIA	id:	57140	Trust: 0.6
db:	CISCO	id:	20140225 CISCO UNIFIED CONTACT CENTER EXPRESS SERVICEABILITY PAGE CSRF VULNERABILITY	Trust: 0.6
db:	BID	id:	65798	Trust: 0.4
db:	VULHUB	id:	VHN-68238	Trust: 0.1

sources: VULHUB: VHN-68238 // BID: 65798 // JVNDB: JVNDB-2014-001499 // CNNVD: CNNVD-201402-429 // NVD: CVE-2014-0745

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0745	Trust: 1.7
url:	http://www.securitytracker.com/id/1029842	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0745	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0745	Trust: 0.8
url:	http://secunia.com/advisories/57140	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68238 // BID: 65798 // JVNDB: JVNDB-2014-001499 // CNNVD: CNNVD-201402-429 // NVD: CVE-2014-0745

CREDITS

Cisco

Trust: 0.3

sources: BID: 65798

SOURCES

db:	VULHUB	id:	VHN-68238
db:	BID	id:	65798
db:	JVNDB	id:	JVNDB-2014-001499
db:	CNNVD	id:	CNNVD-201402-429
db:	NVD	id:	CVE-2014-0745

LAST UPDATE DATE

2024-11-23T21:45:21.571000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68238	date:	2015-08-01T00:00:00
db:	BID	id:	65798	date:	2014-03-04T02:11:00
db:	JVNDB	id:	JVNDB-2014-001499	date:	2014-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201402-429	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-0745	date:	2024-11-21T02:02:43.863

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68238	date:	2014-02-27T00:00:00
db:	BID	id:	65798	date:	2014-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-001499	date:	2014-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201402-429	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-0745	date:	2014-02-27T01:55:03.397