ID

VAR-201402-0218


CVE

CVE-2014-0736


TITLE

Cross-site request forgery vulnerability in the Call Detail Records Analysis and Reporting page of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-001434

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. The vendor has published this vulnerability as Bug ID CSCum46468. A third party may hijack the authentication of any user and make changes to CAR. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCum46468 and CSCum95475. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2014-0736 // JVNDB: JVNDB-2014-001434 // BID: 65640 // VULHUB: VHN-68229

AFFECTED PRODUCTS

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 3.3\(5\)sr1

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)sr1

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 3.3\(5\)sr2a

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)sr4

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 10.0

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)sr3

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 3.3\(5\)

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.1\(3\)sr2

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.1

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.3

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.2

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.3

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.3sr2b

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: lte // version: 10.0\(1\)

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.3sr1

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: eq // version: 4.2.3sr2

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: lte // version: 10.0(1)

Trust: 0.8

vendor: cisco // model: unified communications manager // scope: eq // version: 10.0\(1\)

Trust: 0.6

sources: JVNDB: JVNDB-2014-001434 // CNNVD: CNNVD-201402-276 // NVD: CVE-2014-0736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0736
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0736
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201402-276
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68229
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0736
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68229
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68229 // JVNDB: JVNDB-2014-001434 // CNNVD: CNNVD-201402-276 // NVD: CVE-2014-0736

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-68229 // JVNDB: JVNDB-2014-001434 // NVD: CVE-2014-0736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-276

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201402-276

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001434

PATCH

title: Cisco Unified Communications Manager CAR Page CSRF Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736

Trust: 0.8

title: 32911 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=32911

Trust: 0.8

sources: JVNDB: JVNDB-2014-001434

EXTERNAL IDS

db: NVD // id: CVE-2014-0736

Trust: 2.8

db: SECTRACK // id: 1029792

Trust: 1.1

db: JVNDB // id: JVNDB-2014-001434

Trust: 0.8

db: CNNVD // id: CNNVD-201402-276

Trust: 0.7

db: SECUNIA // id: 56957

Trust: 0.6

db: CISCO // id: 20140218 CISCO UNIFIED COMMUNICATIONS MANAGER CAR PAGE CSRF VULNERABILITY

Trust: 0.6

db: BID // id: 65640

Trust: 0.4

db: VULHUB // id: VHN-68229

Trust: 0.1

sources: VULHUB: VHN-68229 // BID: 65640 // JVNDB: JVNDB-2014-001434 // CNNVD: CNNVD-201402-276 // NVD: CVE-2014-0736

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0736

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=32911

Trust: 1.7

url:http://www.securitytracker.com/id/1029792

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0736

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0736

Trust: 0.8

url:http://secunia.com/advisories/56957

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-68229 // BID: 65640 // JVNDB: JVNDB-2014-001434 // CNNVD: CNNVD-201402-276 // NVD: CVE-2014-0736

CREDITS

Cisco

Trust: 0.3

sources: BID: 65640

SOURCES

db: VULHUB // id: VHN-68229
db: BID // id: 65640
db: JVNDB // id: JVNDB-2014-001434
db: CNNVD // id: CNNVD-201402-276
db: NVD // id: CVE-2014-0736

LAST UPDATE DATE

2024-11-23T22:23:11.315000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-68229 // date: 2015-08-13T00:00:00
db: BID // id: 65640 // date: 2014-02-25T02:22:00
db: JVNDB // id: JVNDB-2014-001434 // date: 2014-02-21T00:00:00
db: CNNVD // id: CNNVD-201402-276 // date: 2014-02-21T00:00:00
db: NVD // id: CVE-2014-0736 // date: 2024-11-21T02:02:42.937

SOURCES RELEASE DATE

db: VULHUB // id: VHN-68229 // date: 2014-02-20T00:00:00
db: BID // id: 65640 // date: 2014-02-18T00:00:00
db: JVNDB // id: JVNDB-2014-001434 // date: 2014-02-21T00:00:00
db: CNNVD // id: CNNVD-201402-276 // date: 2014-02-21T00:00:00
db: NVD // id: CVE-2014-0736 // date: 2014-02-20T05:18:04.267