Details of VAR-201402-0219

ID

VAR-201402-0219

CVE

CVE-2014-0737

TITLE

Cisco Unified IP Phone 7960G CTL Trust Chain Enforcement Security Bypass Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-01207 // BID: 65705

DESCRIPTION

The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. The Cisco Unified IP Phones 7960G is an IP telephony device developed by Cisco. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuj66795

Trust: 2.52

sources: NVD: CVE-2014-0737 // JVNDB: JVNDB-2014-001455 // CNVD: CNVD-2014-01207 // BID: 65705 // VULHUB: VHN-68230

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01207

AFFECTED PRODUCTS

vendor:	cisco	model:	unified ip phone 7960g	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	unified ip phone 7960g	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified ip phone 7960g	scope:	lte	version:	series firmware 9.2(1)	Trust: 0.8

sources: CNVD: CNVD-2014-01207 // JVNDB: JVNDB-2014-001455 // CNNVD: CNNVD-201402-322 // NVD: CVE-2014-0737

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0737
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0737
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-01207
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201402-322
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68230
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0737
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01207
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-68230
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-01207 // VULHUB: VHN-68230 // JVNDB: JVNDB-2014-001455 // CNNVD: CNNVD-201402-322 // NVD: CVE-2014-0737

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-68230 // JVNDB: JVNDB-2014-001455 // NVD: CVE-2014-0737

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-322

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201402-322

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001455

PATCH

title:	Cisco Third-Generation IP Phone CTL Trust Chain Enforcement Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0737	Trust: 0.8
title:	32957	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32957	Trust: 0.8

sources: JVNDB: JVNDB-2014-001455

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0737	Trust: 3.4
db:	BID	id:	65705	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001455	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-322	Trust: 0.7
db:	CNVD	id:	CNVD-2014-01207	Trust: 0.6
db:	CISCO	id:	20140220 CISCO THIRD-GENERATION IP PHONE CTL TRUST CHAIN ENFORCEMENT VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-68230	Trust: 0.1

sources: CNVD: CNVD-2014-01207 // VULHUB: VHN-68230 // BID: 65705 // JVNDB: JVNDB-2014-001455 // CNNVD: CNNVD-201402-322 // NVD: CVE-2014-0737

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0737	Trust: 2.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32957	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0737	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0737	Trust: 0.8
url:	http://www.cisco.com/en/us/products/hw/phones/ps379/index.html	Trust: 0.3

sources: CNVD: CNVD-2014-01207 // VULHUB: VHN-68230 // BID: 65705 // JVNDB: JVNDB-2014-001455 // CNNVD: CNNVD-201402-322 // NVD: CVE-2014-0737

CREDITS

Cisco

Trust: 0.3

sources: BID: 65705

SOURCES

db:	CNVD	id:	CNVD-2014-01207
db:	VULHUB	id:	VHN-68230
db:	BID	id:	65705
db:	JVNDB	id:	JVNDB-2014-001455
db:	CNNVD	id:	CNNVD-201402-322
db:	NVD	id:	CVE-2014-0737

LAST UPDATE DATE

2024-11-23T23:12:47.560000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01207	date:	2014-02-25T00:00:00
db:	VULHUB	id:	VHN-68230	date:	2014-03-06T00:00:00
db:	BID	id:	65705	date:	2014-02-25T01:52:00
db:	JVNDB	id:	JVNDB-2014-001455	date:	2014-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201402-322	date:	2014-02-26T00:00:00
db:	NVD	id:	CVE-2014-0737	date:	2024-11-21T02:02:43.050

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01207	date:	2014-02-25T00:00:00
db:	VULHUB	id:	VHN-68230	date:	2014-02-22T00:00:00
db:	BID	id:	65705	date:	2014-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-001455	date:	2014-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201402-322	date:	2014-02-26T00:00:00
db:	NVD	id:	CVE-2014-0737	date:	2014-02-22T21:55:09.703