Details of VAR-201402-0223

ID

VAR-201402-0223

CVE

CVE-2014-0741

TITLE

Cisco Unified Communications Manager of Certificate Authority Proxy Function Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2014-001496

DESCRIPTION

The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. Vendors report this vulnerability Bug ID CSCum95461 Published as.A local user may be able to read or modify any file via crafted commands. Cisco Unified Communications Manager is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain escalated privileges. This issue is being tracked by Cisco Bug ID CSCum95461. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-0741 // JVNDB: JVNDB-2014-001496 // BID: 65796 // VULHUB: VHN-68234

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0\(1\)	Trust: 0.6

sources: JVNDB: JVNDB-2014-001496 // CNNVD: CNNVD-201402-426 // NVD: CVE-2014-0741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0741
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0741
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-426
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68234
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0741
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68234
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68234 // JVNDB: JVNDB-2014-001496 // CNNVD: CNNVD-201402-426 // NVD: CVE-2014-0741

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-68234 // JVNDB: JVNDB-2014-001496 // NVD: CVE-2014-0741

THREAT TYPE

local

Trust: 0.9

sources: BID: 65796 // CNNVD: CNNVD-201402-426

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201402-426

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001496

PATCH

title:	Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741	Trust: 0.8
title:	33046	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33046	Trust: 0.8

sources: JVNDB: JVNDB-2014-001496

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0741	Trust: 2.8
db:	SECTRACK	id:	1029843	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001496	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-426	Trust: 0.7
db:	CISCO	id:	20140225 CISCO UNIFIED COMMUNICATIONS MANAGER CAPF CERTIFICATE IMPORT ARBITRARY FILE READ/WRITE VULNERABILITY	Trust: 0.6
db:	BID	id:	65796	Trust: 0.4
db:	VULHUB	id:	VHN-68234	Trust: 0.1

sources: VULHUB: VHN-68234 // BID: 65796 // JVNDB: JVNDB-2014-001496 // CNNVD: CNNVD-201402-426 // NVD: CVE-2014-0741

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0741	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33046	Trust: 1.7
url:	http://www.securitytracker.com/id/1029843	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0741	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0741	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-68234 // BID: 65796 // JVNDB: JVNDB-2014-001496 // CNNVD: CNNVD-201402-426 // NVD: CVE-2014-0741

CREDITS

Cisco

Trust: 0.3

sources: BID: 65796

SOURCES

db:	VULHUB	id:	VHN-68234
db:	BID	id:	65796
db:	JVNDB	id:	JVNDB-2014-001496
db:	CNNVD	id:	CNNVD-201402-426
db:	NVD	id:	CVE-2014-0741

LAST UPDATE DATE

2024-11-23T22:46:07.824000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68234	date:	2015-07-29T00:00:00
db:	BID	id:	65796	date:	2014-02-27T00:31:00
db:	JVNDB	id:	JVNDB-2014-001496	date:	2014-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201402-426	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-0741	date:	2024-11-21T02:02:43.503

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68234	date:	2014-02-27T00:00:00
db:	BID	id:	65796	date:	2014-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-001496	date:	2014-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201402-426	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-0741	date:	2014-02-27T01:55:03.320