ID

VAR-201404-0582


CVE

CVE-2014-2145


TITLE

Cisco Unity Connection Messaging API Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2014-001918

DESCRIPTION

Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071. Cisco Unity Connection is prone to a directory-traversal vulnerability. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCun91071. The platform can use voice commands to make calls or listen to messages "hands-free".

Trust: 1.98

sources: NVD: CVE-2014-2145 // JVNDB: JVNDB-2014-001918 // BID: 66676 // VULHUB: VHN-70084

AFFECTED PRODUCTS

vendor: cisco, model: unity connection, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unity connection, scope: lte, version: 9.1(2)

Trust: 0.8

sources: JVNDB: JVNDB-2014-001918 // CNNVD: CNNVD-201404-068 // NVD: CVE-2014-2145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2145
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2145
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201404-068
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70084
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2145
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70084
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70084 // JVNDB: JVNDB-2014-001918 // CNNVD: CNNVD-201404-068 // NVD: CVE-2014-2145

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-70084 // JVNDB: JVNDB-2014-001918 // NVD: CVE-2014-2145

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-068

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201404-068

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001918

PATCH

title: Cisco Unity Connection Directory Traversal Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2145

Trust: 0.8

title: 33665, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=33665

Trust: 0.8

sources: JVNDB: JVNDB-2014-001918

EXTERNAL IDS

db: NVD, id: CVE-2014-2145

Trust: 2.8

db: BID, id: 66676

Trust: 1.4

db: JVNDB, id: JVNDB-2014-001918

Trust: 0.8

db: CNNVD, id: CNNVD-201404-068

Trust: 0.7

db: CISCO, id: 20140404 CISCO UNITY CONNECTION DIRECTORY TRAVERSAL VULNERABILITY

Trust: 0.6

db: SEEBUG, id: SSVID-62090

Trust: 0.1

db: VULHUB, id: VHN-70084

Trust: 0.1

sources: VULHUB: VHN-70084 // BID: 66676 // JVNDB: JVNDB-2014-001918 // CNNVD: CNNVD-201404-068 // NVD: CVE-2014-2145

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2145

Trust: 1.7

url: http://www.securityfocus.com/bid/66676

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2145

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2145

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-70084 // BID: 66676 // JVNDB: JVNDB-2014-001918 // CNNVD: CNNVD-201404-068 // NVD: CVE-2014-2145

CREDITS

Cisco

Trust: 0.3

sources: BID: 66676

SOURCES

db: VULHUB, id: VHN-70084
db: BID, id: 66676
db: JVNDB, id: JVNDB-2014-001918
db: CNNVD, id: CNNVD-201404-068
db: NVD, id: CVE-2014-2145

LAST UPDATE DATE

2024-11-23T22:35:16.037000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-70084, date: 2015-09-16T00:00:00
db: BID, id: 66676, date: 2014-04-04T00:00:00
db: JVNDB, id: JVNDB-2014-001918, date: 2014-04-08T00:00:00
db: CNNVD, id: CNNVD-201404-068, date: 2014-04-09T00:00:00
db: NVD, id: CVE-2014-2145, date: 2024-11-21T02:05:44.330

SOURCES RELEASE DATE

db: VULHUB, id: VHN-70084, date: 2014-04-05T00:00:00
db: BID, id: 66676, date: 2014-04-04T00:00:00
db: JVNDB, id: JVNDB-2014-001918, date: 2014-04-08T00:00:00
db: CNNVD, id: CNNVD-201404-068, date: 2014-04-09T00:00:00
db: NVD, id: CVE-2014-2145, date: 2014-04-05T04:01:38.700