Details of VAR-201407-0380

ID

VAR-201407-0380

CVE

CVE-2014-3317

TITLE

Cisco Unified Communications Manager of Dialed Number Analyzer Directory traversal vulnerability in components

Trust: 0.8

sources: JVNDB: JVNDB-2014-003350

DESCRIPTION

Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. Vendors have confirmed this vulnerability Bug ID CSCup76314 It is released as.Crafted by remotely authenticated users URL Any file may be deleted through. Cisco Unified Communications Manager is prone to a directory-traversal vulnerability. Exploiting this issue may allow an attacker to upload arbitrary files to arbitrary locations that could aid in further attacks. This issue is being tracked by Cisco Bug ID CSCup76314. Dialed Number Analyzer (DNA) is one of the serviceability tools used to analyze dial plans for specific numbers. A remote attacker could exploit this vulnerability to delete arbitrary files by submitting a specially crafted URL request to an affected device

Trust: 1.98

sources: NVD: CVE-2014-3317 // JVNDB: JVNDB-2014-003350 // BID: 68481 // VULHUB: VHN-71257

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0(1)	Trust: 0.8

sources: JVNDB: JVNDB-2014-003350 // CNNVD: CNNVD-201407-312 // NVD: CVE-2014-3317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3317
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3317
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201407-312
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71257
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3317
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71257
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71257 // JVNDB: JVNDB-2014-003350 // CNNVD: CNNVD-201407-312 // NVD: CVE-2014-3317

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-71257 // JVNDB: JVNDB-2014-003350 // NVD: CVE-2014-3317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-312

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201407-312

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003350

PATCH

title:	Cisco Unified Communications Manager DNA Path Traversal Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317	Trust: 0.8
title:	34898	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34898	Trust: 0.8

sources: JVNDB: JVNDB-2014-003350

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3317	Trust: 2.8
db:	BID	id:	68481	Trust: 1.4
db:	SECTRACK	id:	1030554	Trust: 1.1
db:	SECUNIA	id:	59727	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003350	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-312	Trust: 0.7
db:	VULHUB	id:	VHN-71257	Trust: 0.1

sources: VULHUB: VHN-71257 // BID: 68481 // JVNDB: JVNDB-2014-003350 // CNNVD: CNNVD-201407-312 // NVD: CVE-2014-3317

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3317	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34898	Trust: 1.7
url:	http://www.securityfocus.com/bid/68481	Trust: 1.1
url:	http://www.securitytracker.com/id/1030554	Trust: 1.1
url:	http://secunia.com/advisories/59727	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/94435	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3317	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3317	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71257 // BID: 68481 // JVNDB: JVNDB-2014-003350 // CNNVD: CNNVD-201407-312 // NVD: CVE-2014-3317

CREDITS

Cisco

Trust: 0.3

sources: BID: 68481

SOURCES

db:	VULHUB	id:	VHN-71257
db:	BID	id:	68481
db:	JVNDB	id:	JVNDB-2014-003350
db:	CNNVD	id:	CNNVD-201407-312
db:	NVD	id:	CVE-2014-3317

LAST UPDATE DATE

2024-11-23T22:02:04.758000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71257	date:	2017-08-29T00:00:00
db:	BID	id:	68481	date:	2014-07-14T00:37:00
db:	JVNDB	id:	JVNDB-2014-003350	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-312	date:	2014-07-15T00:00:00
db:	NVD	id:	CVE-2014-3317	date:	2024-11-21T02:07:51.270

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71257	date:	2014-07-14T00:00:00
db:	BID	id:	68481	date:	2014-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-003350	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-312	date:	2014-07-15T00:00:00
db:	NVD	id:	CVE-2014-3317	date:	2014-07-14T21:55:05.797