Sign-up

ID

VAR-201407-0382


CVE

CVE-2014-3319


TITLE

Cisco Unified Communications Manager Real-Time Monitoring Tool Directory Traversal Vulnerability

Trust: 0.9

sources: BID: 68701 // CNNVD: CNNVD-201407-313

DESCRIPTION

Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. Exploiting this issue may allow an attacker to upload arbitrary files to arbitrary locations that could aid in further attacks. This issue is being tracked by Cisco Bug ID CSCup57676. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-3319 // JVNDB: JVNDB-2014-003351 // BID: 68701 // VULHUB: VHN-71259

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:10.0\(1\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:10.0(1)

Trust: 1.1

sources: BID: 68701 // JVNDB: JVNDB-2014-003351 // CNNVD: CNNVD-201407-313 // NVD: CVE-2014-3319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3319
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3319
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-313
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71259
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3319
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71259
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71259 // JVNDB: JVNDB-2014-003351 // CNNVD: CNNVD-201407-313 // NVD: CVE-2014-3319

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-71259 // JVNDB: JVNDB-2014-003351 // NVD: CVE-2014-3319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-313

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201407-313

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003351

PATCH
title:Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319
Trust: 0.8
title:34909url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34909
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003351

EXTERNAL IDS
db:NVDid:CVE-2014-3319
Trust: 2.8
db:SECUNIAid:59734
Trust: 1.1
db:SECTRACKid:1030554
Trust: 1.1
db:JVNDBid:JVNDB-2014-003351
Trust: 0.8
db:CNNVDid:CNNVD-201407-313
Trust: 0.7
db:BIDid:68701
Trust: 0.4
db:VULHUBid:VHN-71259
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71259 // 
            
            
            
            BID: 68701 // 
            
            
            
            JVNDB: JVNDB-2014-003351 // 
            
            
            
            CNNVD: CNNVD-201407-313 // 
            
            
            
            NVD: CVE-2014-3319

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3319
Trust: 2.0
url:http://tools.cisco.com/security/center/viewalert.x?alertid=34909
Trust: 2.0
url:http://www.securitytracker.com/id/1030554
Trust: 1.1
url:http://secunia.com/advisories/59734
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94436
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3319
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3319
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71259 // 
            
            
            
            BID: 68701 // 
            
            
            
            JVNDB: JVNDB-2014-003351 // 
            
            
            
            CNNVD: CNNVD-201407-313 // 
            
            
            
            NVD: CVE-2014-3319

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 68701

SOURCES
db:VULHUBid:VHN-71259
db:BIDid:68701
db:JVNDBid:JVNDB-2014-003351
db:CNNVDid:CNNVD-201407-313
db:NVDid:CVE-2014-3319

LAST UPDATE DATE
2024-11-23T22:02:04.848000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71259date:2017-08-29T00:00:00
db:BIDid:68701date:2014-07-11T00:00:00
db:JVNDBid:JVNDB-2014-003351date:2014-07-16T00:00:00
db:CNNVDid:CNNVD-201407-313date:2014-07-15T00:00:00
db:NVDid:CVE-2014-3319date:2024-11-21T02:07:51.507

SOURCES RELEASE DATE
db:VULHUBid:VHN-71259date:2014-07-14T00:00:00
db:BIDid:68701date:2014-07-11T00:00:00
db:JVNDBid:JVNDB-2014-003351date:2014-07-16T00:00:00
db:CNNVDid:CNNVD-201407-313date:2014-07-15T00:00:00
db:NVDid:CVE-2014-3319date:2014-07-14T21:55:05.843