Details of VAR-201402-0213

ID

VAR-201402-0213

CVE

CVE-2014-0747

TITLE

Cisco Unified Communications Manager of Certificate Authority Proxy Function of CLI Implementation command insertion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001501

DESCRIPTION

The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. Vendors have confirmed this vulnerability Bug ID CSCum95493 It is released as.Unspecified by local user CAPF Commands may be inserted through the program. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCum95493. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-0747 // JVNDB: JVNDB-2014-001501 // BID: 65790 // VULHUB: VHN-68240

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0\(1\)	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	0	Trust: 0.3

sources: BID: 65790 // JVNDB: JVNDB-2014-001501 // CNNVD: CNNVD-201402-431 // NVD: CVE-2014-0747

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0747
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0747
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-431
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68240
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0747
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68240
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68240 // JVNDB: JVNDB-2014-001501 // CNNVD: CNNVD-201402-431 // NVD: CVE-2014-0747

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-68240 // JVNDB: JVNDB-2014-001501 // NVD: CVE-2014-0747

THREAT TYPE

local

Trust: 0.9

sources: BID: 65790 // CNNVD: CNNVD-201402-431

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201402-431

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001501

PATCH

title:	Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747	Trust: 0.8
title:	33048	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33048	Trust: 0.8

sources: JVNDB: JVNDB-2014-001501

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0747	Trust: 2.8
db:	SECTRACK	id:	1029843	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001501	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-431	Trust: 0.7
db:	SECUNIA	id:	57131	Trust: 0.6
db:	CISCO	id:	20140225 CISCO UNIFIED COMMUNICATIONS MANAGER CAPF CLI COMMAND INJECTION VULNERABILITY	Trust: 0.6
db:	BID	id:	65790	Trust: 0.4
db:	VULHUB	id:	VHN-68240	Trust: 0.1

sources: VULHUB: VHN-68240 // BID: 65790 // JVNDB: JVNDB-2014-001501 // CNNVD: CNNVD-201402-431 // NVD: CVE-2014-0747

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0747	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33048	Trust: 1.7
url:	http://www.securitytracker.com/id/1029843	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0747	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0747	Trust: 0.8
url:	http://secunia.com/advisories/57131	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68240 // BID: 65790 // JVNDB: JVNDB-2014-001501 // CNNVD: CNNVD-201402-431 // NVD: CVE-2014-0747

CREDITS

Cisco

Trust: 0.3

sources: BID: 65790

SOURCES

db:	VULHUB	id:	VHN-68240
db:	BID	id:	65790
db:	JVNDB	id:	JVNDB-2014-001501
db:	CNNVD	id:	CNNVD-201402-431
db:	NVD	id:	CVE-2014-0747

LAST UPDATE DATE

2024-11-23T22:46:07.793000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68240	date:	2015-08-01T00:00:00
db:	BID	id:	65790	date:	2014-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-001501	date:	2014-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201402-431	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-0747	date:	2024-11-21T02:02:44.087

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68240	date:	2014-02-27T00:00:00
db:	BID	id:	65790	date:	2014-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-001501	date:	2014-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201402-431	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-0747	date:	2014-02-27T01:55:03.447