Details of VAR-201402-0214

ID

VAR-201402-0214

CVE

CVE-2014-0732

TITLE

Cisco Unified Communications Manager of Real Time Monitoring Tool Web Application file reading vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001431

DESCRIPTION

The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCum46495. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-0732 // JVNDB: JVNDB-2014-001431 // BID: 65642 // VULHUB: VHN-68225

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0(1)	Trust: 0.8

sources: JVNDB: JVNDB-2014-001431 // CNNVD: CNNVD-201402-273 // NVD: CVE-2014-0732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0732
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0732
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-273
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68225
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0732
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68225
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68225 // JVNDB: JVNDB-2014-001431 // CNNVD: CNNVD-201402-273 // NVD: CVE-2014-0732

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-68225 // JVNDB: JVNDB-2014-001431 // NVD: CVE-2014-0732

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-273

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201402-273

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001431

PATCH

title:	Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732	Trust: 0.8
title:	32913	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32913	Trust: 0.8

sources: JVNDB: JVNDB-2014-001431

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0732	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001431	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-273	Trust: 0.7
db:	SECUNIA	id:	56992	Trust: 0.6
db:	CISCO	id:	20140218 CISCO UNIFIED COMMUNICATIONS MANAGER REAL TIME MONITORING TOOL INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	BID	id:	65642	Trust: 0.4
db:	VULHUB	id:	VHN-68225	Trust: 0.1

sources: VULHUB: VHN-68225 // BID: 65642 // JVNDB: JVNDB-2014-001431 // CNNVD: CNNVD-201402-273 // NVD: CVE-2014-0732

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0732	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32913	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0732	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0732	Trust: 0.8
url:	http://secunia.com/advisories/56992	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68225 // BID: 65642 // JVNDB: JVNDB-2014-001431 // CNNVD: CNNVD-201402-273 // NVD: CVE-2014-0732

CREDITS

Cisco

Trust: 0.3

sources: BID: 65642

SOURCES

db:	VULHUB	id:	VHN-68225
db:	BID	id:	65642
db:	JVNDB	id:	JVNDB-2014-001431
db:	CNNVD	id:	CNNVD-201402-273
db:	NVD	id:	CVE-2014-0732

LAST UPDATE DATE

2024-11-23T21:55:27.874000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68225	date:	2014-02-21T00:00:00
db:	BID	id:	65642	date:	2014-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-001431	date:	2014-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201402-273	date:	2014-02-21T00:00:00
db:	NVD	id:	CVE-2014-0732	date:	2024-11-21T02:02:42.473

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68225	date:	2014-02-20T00:00:00
db:	BID	id:	65642	date:	2014-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-001431	date:	2014-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201402-273	date:	2014-02-21T00:00:00
db:	NVD	id:	CVE-2014-0732	date:	2014-02-20T05:18:04.140