ID

VAR-201407-0381


CVE

CVE-2014-3318


TITLE

Directory traversal vulnerability in the Dialed Number Analyzer component of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-003311

DESCRIPTION

Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. The vendor has released this vulnerability as Bug ID CSCup76318. A remote authenticated user may read any file via a crafted URL. Exploiting this issue may allow an attacker to upload arbitrary files to arbitrary locations that could aid in further attacks. This issue is being tracked by Cisco Bug ID CSCup76318. Dialed Number Analyzer (DNA) is one of the serviceability tools used to analyze dial plans for specific numbers.

Trust: 1.98

sources: NVD: CVE-2014-3318 // JVNDB: JVNDB-2014-003311 // BID: 68482 // VULHUB: VHN-71258

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 10.0(1)_base

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.0(1)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2014-003311 // CNNVD: CNNVD-201407-257 // NVD: CVE-2014-3318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3318
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3318
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-257
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71258
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3318
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71258
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71258 // JVNDB: JVNDB-2014-003311 // CNNVD: CNNVD-201407-257 // NVD: CVE-2014-3318

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-71258 // JVNDB: JVNDB-2014-003311 // NVD: CVE-2014-3318

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-257

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201407-257

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003311

PATCH

title: Cisco Unified Communications Manager DNA Path Traversal Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318

Trust: 0.8

title: 34897
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34897

Trust: 0.8

sources: JVNDB: JVNDB-2014-003311

EXTERNAL IDS

db: NVD, id: CVE-2014-3318

Trust: 2.8

db: BID, id: 68482

Trust: 1.4

db: SECUNIA, id: 59728

Trust: 1.1

db: SECTRACK, id: 1030554

Trust: 1.1

db: JVNDB, id: JVNDB-2014-003311

Trust: 0.8

db: CNNVD, id: CNNVD-201407-257

Trust: 0.7

db: VULHUB, id: VHN-71258

Trust: 0.1

sources: VULHUB: VHN-71258 // BID: 68482 // JVNDB: JVNDB-2014-003311 // CNNVD: CNNVD-201407-257 // NVD: CVE-2014-3318

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3318

Trust: 1.7

url:http://www.securityfocus.com/bid/68482

Trust: 1.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34897

Trust: 1.1

url:http://www.securitytracker.com/id/1030554

Trust: 1.1

url:http://secunia.com/advisories/59728

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94433

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3318

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3318

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-71258 // BID: 68482 // JVNDB: JVNDB-2014-003311 // CNNVD: CNNVD-201407-257 // NVD: CVE-2014-3318

CREDITS

Cisco

Trust: 0.3

sources: BID: 68482

SOURCES

db: VULHUB, id: VHN-71258
db: BID, id: 68482
db: JVNDB, id: JVNDB-2014-003311
db: CNNVD, id: CNNVD-201407-257
db: NVD, id: CVE-2014-3318

LAST UPDATE DATE

2024-11-23T22:02:04.789000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71258, date: 2017-08-29T00:00:00
db: BID, id: 68482, date: 2014-07-14T00:07:00
db: JVNDB, id: JVNDB-2014-003311, date: 2014-07-11T00:00:00
db: CNNVD, id: CNNVD-201407-257, date: 2014-07-11T00:00:00
db: NVD, id: CVE-2014-3318, date: 2024-11-21T02:07:51.387

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71258, date: 2014-07-10T00:00:00
db: BID, id: 68482, date: 2014-07-09T00:00:00
db: JVNDB, id: JVNDB-2014-003311, date: 2014-07-11T00:00:00
db: CNNVD, id: CNNVD-201407-257, date: 2014-07-11T00:00:00
db: NVD, id: CVE-2014-3318, date: 2014-07-10T11:06:28.067