Sign-up

ID

VAR-201404-0563


CVE

CVE-2014-2185


TITLE

Cisco Unified Communications Manager of Call Detail Records Management Vulnerabilities that can capture important information in components

Trust: 0.8

sources: JVNDB: JVNDB-2014-002268

DESCRIPTION

The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCun74374. Call Detail Records (CDR) Management is one of the call detail record management applications

Trust: 1.98

sources: NVD: CVE-2014-2185 // JVNDB: JVNDB-2014-002268 // BID: 67099 // VULHUB: VHN-70124

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:10.0(1)

Trust: 0.8

vendor:ciscomodel:unified communications managerscope: - version: -

Trust: 0.6

sources: JVNDB: JVNDB-2014-002268 // CNNVD: CNNVD-201404-569 // NVD: CVE-2014-2185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2185
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2185
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201404-569
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70124
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2185
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70124
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70124 // JVNDB: JVNDB-2014-002268 // CNNVD: CNNVD-201404-569 // NVD: CVE-2014-2185

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-70124 // JVNDB: JVNDB-2014-002268 // NVD: CVE-2014-2185

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-569

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201404-569

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002268

PATCH
title:Cisco Unified Communications Manager CDR Management Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185
Trust: 0.8
title:33987url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33987
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002268

EXTERNAL IDS
db:NVDid:CVE-2014-2185
Trust: 2.8
db:JVNDBid:JVNDB-2014-002268
Trust: 0.8
db:CNNVDid:CNNVD-201404-569
Trust: 0.7
db:CISCOid:20140428 CISCO UNIFIED COMMUNICATIONS MANAGER CDR MANAGEMENT VULNERABILITY
Trust: 0.6
db:BIDid:67099
Trust: 0.4
db:VULHUBid:VHN-70124
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70124 // 
            
            
            
            BID: 67099 // 
            
            
            
            JVNDB: JVNDB-2014-002268 // 
            
            
            
            CNNVD: CNNVD-201404-569 // 
            
            
            
            NVD: CVE-2014-2185

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2185
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2185
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2185
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps7060/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-70124 // 
            
            
            
            BID: 67099 // 
            
            
            
            JVNDB: JVNDB-2014-002268 // 
            
            
            
            CNNVD: CNNVD-201404-569 // 
            
            
            
            NVD: CVE-2014-2185

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67099

SOURCES
db:VULHUBid:VHN-70124
db:BIDid:67099
db:JVNDBid:JVNDB-2014-002268
db:CNNVDid:CNNVD-201404-569
db:NVDid:CVE-2014-2185

LAST UPDATE DATE
2024-11-23T22:59:41.146000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70124date:2014-04-29T00:00:00
db:BIDid:67099date:2014-05-02T00:50:00
db:JVNDBid:JVNDB-2014-002268date:2014-04-30T00:00:00
db:CNNVDid:CNNVD-201404-569date:2014-04-30T00:00:00
db:NVDid:CVE-2014-2185date:2024-11-21T02:05:48.897

SOURCES RELEASE DATE
db:VULHUBid:VHN-70124date:2014-04-29T00:00:00
db:BIDid:67099date:2014-04-28T00:00:00
db:JVNDBid:JVNDB-2014-002268date:2014-04-30T00:00:00
db:CNNVDid:CNNVD-201404-569date:2014-04-30T00:00:00
db:NVDid:CVE-2014-2185date:2014-04-29T10:37:04.077