ID

VAR-201406-0309


CVE

CVE-2014-3292


TITLE

Cisco Unified Communications Manager Real Time Monitoring Tool vulnerable to reading arbitrary files in the Java implementation

Trust: 0.8

sources: JVNDB: JVNDB-2014-002805

DESCRIPTION

The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199. The vendor has published this vulnerability as Bug IDs CSCuo17302 and CSCuo17199. A remote authenticated user may (1) read or (2) delete arbitrary files via a crafted URL. An attacker can exploit these issues to download or delete arbitrary files, which may aid in further attacks. These issues are being tracked by Cisco Bug IDs CSCuo17302 and CSCuo17199. Real Time Monitoring Tool (RTMT) is one of the real-time monitoring tools. A security vulnerability exists in Cisco Unified CM's RTMT

Trust: 1.98

sources: NVD: CVE-2014-3292 // JVNDB: JVNDB-2014-002805 // BID: 67982 // VULHUB: VHN-71232

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 10.0(1)

Trust: 1.1

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.6

sources: BID: 67982 // JVNDB: JVNDB-2014-002805 // CNNVD: CNNVD-201406-172 // NVD: CVE-2014-3292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3292
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3292
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201406-172
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71232
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3292
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71232
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71232 // JVNDB: JVNDB-2014-002805 // CNNVD: CNNVD-201406-172 // NVD: CVE-2014-3292

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-71232 // JVNDB: JVNDB-2014-002805 // NVD: CVE-2014-3292

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-172

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201406-172

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002805

PATCH

title: Multiple Vulnerabilities in Real-Time Monitoring Tool of Cisco Unified Communications Manager
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292

Trust: 0.8

title: 34574
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34574

Trust: 0.8

sources: JVNDB: JVNDB-2014-002805

EXTERNAL IDS

db: NVD, id: CVE-2014-3292

Trust: 2.8

db: SECUNIA, id: 58315

Trust: 1.1

db: SECTRACK, id: 1030408

Trust: 1.1

db: JVNDB, id: JVNDB-2014-002805

Trust: 0.8

db: CNNVD, id: CNNVD-201406-172

Trust: 0.7

db: BID, id: 67982

Trust: 0.4

db: VULHUB, id: VHN-71232

Trust: 0.1

sources: VULHUB: VHN-71232 // BID: 67982 // JVNDB: JVNDB-2014-002805 // CNNVD: CNNVD-201406-172 // NVD: CVE-2014-3292

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3292

Trust: 2.0

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34574

Trust: 1.4

url:http://www.securitytracker.com/id/1030408

Trust: 1.1

url:http://secunia.com/advisories/58315

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3292

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3292

Trust: 0.8

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

sources: VULHUB: VHN-71232 // BID: 67982 // JVNDB: JVNDB-2014-002805 // CNNVD: CNNVD-201406-172 // NVD: CVE-2014-3292

CREDITS

Cisco

Trust: 0.3

sources: BID: 67982

SOURCES

db: VULHUB, id: VHN-71232
db: BID, id: 67982
db: JVNDB, id: JVNDB-2014-002805
db: CNNVD, id: CNNVD-201406-172
db: NVD, id: CVE-2014-3292

LAST UPDATE DATE

2024-11-23T22:18:36.134000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71232, date: 2016-09-08T00:00:00
db: BID, id: 67982, date: 2014-06-09T00:00:00
db: JVNDB, id: JVNDB-2014-002805, date: 2014-06-11T00:00:00
db: CNNVD, id: CNNVD-201406-172, date: 2014-06-11T00:00:00
db: NVD, id: CVE-2014-3292, date: 2024-11-21T02:07:48.317

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71232, date: 2014-06-10T00:00:00
db: BID, id: 67982, date: 2014-06-09T00:00:00
db: JVNDB, id: JVNDB-2014-002805, date: 2014-06-11T00:00:00
db: CNNVD, id: CNNVD-201406-172, date: 2014-06-11T00:00:00
db: NVD, id: CVE-2014-3292, date: 2014-06-10T11:19:35.860