Details of VAR-201402-0216

ID

VAR-201402-0216

CVE

CVE-2014-0734

TITLE

Cisco Unified Communications Manager of Certificate Authority Proxy Function In the implementation of SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001432

DESCRIPTION

SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. Vendors have confirmed this vulnerability Bug ID CSCum46483 It is released as.Skillfully crafted by a third party URL Through any SQL The command may be executed. Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCum46483. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-0734 // JVNDB: JVNDB-2014-001432 // BID: 65645 // VULHUB: VHN-68227

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0(1)	Trust: 0.8

sources: JVNDB: JVNDB-2014-001432 // CNNVD: CNNVD-201402-274 // NVD: CVE-2014-0734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0734
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0734
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201402-274
value:	HIGH
Trust: 0.6
VULHUB:	VHN-68227
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0734
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68227
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68227 // JVNDB: JVNDB-2014-001432 // CNNVD: CNNVD-201402-274 // NVD: CVE-2014-0734

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-68227 // JVNDB: JVNDB-2014-001432 // NVD: CVE-2014-0734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-274

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201402-274

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001432

PATCH

title:	Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734	Trust: 0.8
title:	32916	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32916	Trust: 0.8

sources: JVNDB: JVNDB-2014-001432

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0734	Trust: 2.8
db:	BID	id:	65645	Trust: 1.4
db:	JVNDB	id:	JVNDB-2014-001432	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-274	Trust: 0.7
db:	SECUNIA	id:	57046	Trust: 0.6
db:	CISCO	id:	20140218 CISCO UNIFIED COMMUNICATIONS MANAGER CAPF UNAUTHENTICATED BLIND SQL INJECTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-68227	Trust: 0.1

sources: VULHUB: VHN-68227 // BID: 65645 // JVNDB: JVNDB-2014-001432 // CNNVD: CNNVD-201402-274 // NVD: CVE-2014-0734

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0734	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32916	Trust: 1.7
url:	http://www.securityfocus.com/bid/65645	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0734	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0734	Trust: 0.8
url:	http://secunia.com/advisories/57046	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-68227 // BID: 65645 // JVNDB: JVNDB-2014-001432 // CNNVD: CNNVD-201402-274 // NVD: CVE-2014-0734

CREDITS

Cisco

Trust: 0.3

sources: BID: 65645

SOURCES

db:	VULHUB	id:	VHN-68227
db:	BID	id:	65645
db:	JVNDB	id:	JVNDB-2014-001432
db:	CNNVD	id:	CNNVD-201402-274
db:	NVD	id:	CVE-2014-0734

LAST UPDATE DATE

2024-11-23T22:27:21.776000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68227	date:	2015-09-16T00:00:00
db:	BID	id:	65645	date:	2014-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-001432	date:	2014-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201402-274	date:	2014-03-04T00:00:00
db:	NVD	id:	CVE-2014-0734	date:	2024-11-21T02:02:42.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68227	date:	2014-02-20T00:00:00
db:	BID	id:	65645	date:	2014-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-001432	date:	2014-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201402-274	date:	2014-02-21T00:00:00
db:	NVD	id:	CVE-2014-0734	date:	2014-02-20T05:18:04.203