Sign-up

ID

VAR-201402-0212


CVE

CVE-2014-0746


TITLE

Cisco Unified Contact Center Express Vulnerability in which important information is obtained in the disaster recovery system

Trust: 0.8

sources: JVNDB: JVNDB-2014-001500

DESCRIPTION

The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCum95536. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control

Trust: 1.98

sources: NVD: CVE-2014-0746 // JVNDB: JVNDB-2014-001500 // BID: 65802 // VULHUB: VHN-68239

AFFECTED PRODUCTS

vendor:ciscomodel:unified contact center express editor softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified contact center expressscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified contact center express editor softwarescope:eqversion:10.0(1)

Trust: 0.8

sources: JVNDB: JVNDB-2014-001500 // CNNVD: CNNVD-201402-430 // NVD: CVE-2014-0746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0746
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0746
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201402-430
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68239
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0746
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68239
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68239 // JVNDB: JVNDB-2014-001500 // CNNVD: CNNVD-201402-430 // NVD: CVE-2014-0746

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-68239 // JVNDB: JVNDB-2014-001500 // NVD: CVE-2014-0746

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-430

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201402-430

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001500

PATCH
title:Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746
Trust: 0.8
title:33086url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33086
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001500

EXTERNAL IDS
db:NVDid:CVE-2014-0746
Trust: 2.8
db:SECTRACKid:1029842
Trust: 1.1
db:JVNDBid:JVNDB-2014-001500
Trust: 0.8
db:CNNVDid:CNNVD-201402-430
Trust: 0.7
db:CISCOid:20140225 CISCO UNIFIED CONTACT CENTER EXPRESS DRS SENSITIVE INFORMATION DISCLOSURE VULNERABILITY
Trust: 0.6
db:BIDid:65802
Trust: 0.4
db:VULHUBid:VHN-68239
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68239 // 
            
            
            
            BID: 65802 // 
            
            
            
            JVNDB: JVNDB-2014-001500 // 
            
            
            
            CNNVD: CNNVD-201402-430 // 
            
            
            
            NVD: CVE-2014-0746

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0746
Trust: 1.7
url:http://www.securitytracker.com/id/1029842
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0746
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0746
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-68239 // 
            
            
            
            BID: 65802 // 
            
            
            
            JVNDB: JVNDB-2014-001500 // 
            
            
            
            CNNVD: CNNVD-201402-430 // 
            
            
            
            NVD: CVE-2014-0746

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 65802

SOURCES
db:VULHUBid:VHN-68239
db:BIDid:65802
db:JVNDBid:JVNDB-2014-001500
db:CNNVDid:CNNVD-201402-430
db:NVDid:CVE-2014-0746

LAST UPDATE DATE
2024-11-23T21:45:21.602000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68239date:2015-08-01T00:00:00
db:BIDid:65802date:2014-03-04T02:21:00
db:JVNDBid:JVNDB-2014-001500date:2014-02-28T00:00:00
db:CNNVDid:CNNVD-201402-430date:2014-02-28T00:00:00
db:NVDid:CVE-2014-0746date:2024-11-21T02:02:43.967

SOURCES RELEASE DATE
db:VULHUBid:VHN-68239date:2014-02-27T00:00:00
db:BIDid:65802date:2014-02-25T00:00:00
db:JVNDBid:JVNDB-2014-001500date:2014-02-28T00:00:00
db:CNNVDid:CNNVD-201402-430date:2014-02-28T00:00:00
db:NVDid:CVE-2014-0746date:2014-02-27T01:55:03.430