ID

VAR-201407-0379


CVE

CVE-2014-3316


TITLE

Vulnerability in the Dialed Number Analyzer component of Cisco Unified Communications Manager that allows upload restrictions to be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2014-003310

DESCRIPTION

The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. Cisco Unified Communications Manager is prone to an arbitrary file-upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. This issue is being tracked by Cisco Bug ID CSCup76297. Dialed Number Analyzer (DNA) is one of the serviceability tools used to analyze dial plans for specific numbers.

Trust: 1.98

sources: NVD: CVE-2014-3316 // JVNDB: JVNDB-2014-003310 // BID: 68479 // VULHUB: VHN-71256

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 10.0\(1\)_base

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.0(1)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2014-003310 // CNNVD: CNNVD-201407-256 // NVD: CVE-2014-3316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3316
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3316
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-256
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71256
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3316
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71256
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71256 // JVNDB: JVNDB-2014-003310 // CNNVD: CNNVD-201407-256 // NVD: CVE-2014-3316

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-71256 // JVNDB: JVNDB-2014-003310 // NVD: CVE-2014-3316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-256

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201407-256

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003310

PATCH

title: Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316

Trust: 0.8

title: 34899, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34899

Trust: 0.8

sources: JVNDB: JVNDB-2014-003310

EXTERNAL IDS

db: NVD, id: CVE-2014-3316

Trust: 2.8

db: BID, id: 68479

Trust: 1.4

db: SECUNIA, id: 59730

Trust: 1.1

db: SECTRACK, id: 1030554

Trust: 1.1

db: JVNDB, id: JVNDB-2014-003310

Trust: 0.8

db: CNNVD, id: CNNVD-201407-256

Trust: 0.7

db: VULHUB, id: VHN-71256

Trust: 0.1

sources: VULHUB: VHN-71256 // BID: 68479 // JVNDB: JVNDB-2014-003310 // CNNVD: CNNVD-201407-256 // NVD: CVE-2014-3316

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3316

Trust: 1.7

url: http://www.securityfocus.com/bid/68479

Trust: 1.1

url: http://tools.cisco.com/security/center/viewalert.x?alertid=34899

Trust: 1.1

url: http://www.securitytracker.com/id/1030554

Trust: 1.1

url: http://secunia.com/advisories/59730

Trust: 1.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/94429

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3316

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3316

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-71256 // BID: 68479 // JVNDB: JVNDB-2014-003310 // CNNVD: CNNVD-201407-256 // NVD: CVE-2014-3316

CREDITS

Cisco

Trust: 0.3

sources: BID: 68479

SOURCES

db: VULHUB, id: VHN-71256
db: BID, id: 68479
db: JVNDB, id: JVNDB-2014-003310
db: CNNVD, id: CNNVD-201407-256
db: NVD, id: CVE-2014-3316

LAST UPDATE DATE

2024-11-23T22:02:04.818000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71256, date: 2017-08-29T00:00:00
db: BID, id: 68479, date: 2014-07-14T00:57:00
db: JVNDB, id: JVNDB-2014-003310, date: 2014-07-11T00:00:00
db: CNNVD, id: CNNVD-201407-256, date: 2014-07-11T00:00:00
db: NVD, id: CVE-2014-3316, date: 2024-11-21T02:07:51.147

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71256, date: 2014-07-10T00:00:00
db: BID, id: 68479, date: 2014-07-09T00:00:00
db: JVNDB, id: JVNDB-2014-003310, date: 2014-07-11T00:00:00
db: CNNVD, id: CNNVD-201407-256, date: 2014-07-11T00:00:00
db: NVD, id: CVE-2014-3316, date: 2014-07-10T11:06:28.020