Details of VAR-201402-0215

ID

VAR-201402-0215

CVE

CVE-2014-0733

TITLE

Cisco Unified Communications Manager of Enterprise License Manager In the component ELM File read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001435

DESCRIPTION

The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCum46494. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-0733 // JVNDB: JVNDB-2014-001435 // BID: 65643 // VULHUB: VHN-68226

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0(1)	Trust: 0.8

sources: JVNDB: JVNDB-2014-001435 // CNNVD: CNNVD-201402-280 // NVD: CVE-2014-0733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0733
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0733
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-280
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68226
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0733
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68226
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68226 // JVNDB: JVNDB-2014-001435 // CNNVD: CNNVD-201402-280 // NVD: CVE-2014-0733

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-68226 // JVNDB: JVNDB-2014-001435 // NVD: CVE-2014-0733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-280

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201402-280

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001435

PATCH

title:	Cisco Unified Communications Manager Enterprise License Manager Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733	Trust: 0.8
title:	32914	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32914	Trust: 0.8

sources: JVNDB: JVNDB-2014-001435

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0733	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001435	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-280	Trust: 0.7
db:	CISCO	id:	20140218 CISCO UNIFIED COMMUNICATIONS MANAGER ENTERPRISE LICENSE MANAGER INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	SECUNIA	id:	57010	Trust: 0.6
db:	BID	id:	65643	Trust: 0.4
db:	VULHUB	id:	VHN-68226	Trust: 0.1

sources: VULHUB: VHN-68226 // BID: 65643 // JVNDB: JVNDB-2014-001435 // CNNVD: CNNVD-201402-280 // NVD: CVE-2014-0733

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0733	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32914	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0733	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0733	Trust: 0.8
url:	http://secunia.com/advisories/57010	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68226 // BID: 65643 // JVNDB: JVNDB-2014-001435 // CNNVD: CNNVD-201402-280 // NVD: CVE-2014-0733

CREDITS

Cisco

Trust: 0.3

sources: BID: 65643

SOURCES

db:	VULHUB	id:	VHN-68226
db:	BID	id:	65643
db:	JVNDB	id:	JVNDB-2014-001435
db:	CNNVD	id:	CNNVD-201402-280
db:	NVD	id:	CVE-2014-0733

LAST UPDATE DATE

2024-11-23T22:18:38.597000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68226	date:	2014-02-20T00:00:00
db:	BID	id:	65643	date:	2014-02-21T01:41:00
db:	JVNDB	id:	JVNDB-2014-001435	date:	2014-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201402-280	date:	2014-02-21T00:00:00
db:	NVD	id:	CVE-2014-0733	date:	2024-11-21T02:02:42.583

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68226	date:	2014-02-20T00:00:00
db:	BID	id:	65643	date:	2014-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-001435	date:	2014-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201402-280	date:	2014-02-21T00:00:00
db:	NVD	id:	CVE-2014-0733	date:	2014-02-20T15:27:09.437