Details of VAR-201407-0386

ID

VAR-201407-0386

CVE

CVE-2014-3323

TITLE

Cisco Unified Contact Center Enterprise Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2014-003480

DESCRIPTION

Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCun25262

Trust: 2.61

sources: NVD: CVE-2014-3323 // JVNDB: JVNDB-2014-003480 // CNVD: CNVD-2014-04525 // BID: 68686 // VULHUB: VHN-71263 // VULMON: CVE-2014-3323

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04525

AFFECTED PRODUCTS

vendor:	cisco	model:	unified contact center enterprise	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	lte	version:	7.5	Trust: 0.8

sources: CNVD: CNVD-2014-04525 // JVNDB: JVNDB-2014-003480 // CNNVD: CNNVD-201407-472 // NVD: CVE-2014-3323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3323
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3323
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-04525
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201407-472
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71263
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-3323
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3323
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-04525
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71263
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-04525 // VULHUB: VHN-71263 // VULMON: CVE-2014-3323 // JVNDB: JVNDB-2014-003480 // CNNVD: CNNVD-201407-472 // NVD: CVE-2014-3323

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-71263 // JVNDB: JVNDB-2014-003480 // NVD: CVE-2014-3323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-472

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201407-472

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003480

PATCH

title:	Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3323	Trust: 0.8
title:	34956	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34956	Trust: 0.8
title:	Patch for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/47724	Trust: 0.6

sources: CNVD: CNVD-2014-04525 // JVNDB: JVNDB-2014-003480

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3323	Trust: 3.5
db:	BID	id:	68686	Trust: 2.1
db:	SECTRACK	id:	1030612	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-003480	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-472	Trust: 0.7
db:	CNVD	id:	CNVD-2014-04525	Trust: 0.6
db:	VULHUB	id:	VHN-71263	Trust: 0.1
db:	VULMON	id:	CVE-2014-3323	Trust: 0.1

sources: CNVD: CNVD-2014-04525 // VULHUB: VHN-71263 // VULMON: CVE-2014-3323 // BID: 68686 // JVNDB: JVNDB-2014-003480 // CNNVD: CNNVD-201407-472 // NVD: CVE-2014-3323

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3323	Trust: 2.4
url:	http://www.securityfocus.com/bid/68686	Trust: 1.8
url:	http://www.securitytracker.com/id/1030612	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3323	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3323	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34956	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2014-04525 // VULHUB: VHN-71263 // VULMON: CVE-2014-3323 // BID: 68686 // JVNDB: JVNDB-2014-003480 // CNNVD: CNNVD-201407-472 // NVD: CVE-2014-3323

CREDITS

Cisco

Trust: 0.3

sources: BID: 68686

SOURCES

db:	CNVD	id:	CNVD-2014-04525
db:	VULHUB	id:	VHN-71263
db:	VULMON	id:	CVE-2014-3323
db:	BID	id:	68686
db:	JVNDB	id:	JVNDB-2014-003480
db:	CNNVD	id:	CNNVD-201407-472
db:	NVD	id:	CVE-2014-3323

LAST UPDATE DATE

2024-11-23T22:27:15.784000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04525	date:	2014-07-23T00:00:00
db:	VULHUB	id:	VHN-71263	date:	2015-12-03T00:00:00
db:	VULMON	id:	CVE-2014-3323	date:	2015-12-03T00:00:00
db:	BID	id:	68686	date:	2014-07-21T00:30:00
db:	JVNDB	id:	JVNDB-2014-003480	date:	2014-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201407-472	date:	2014-07-24T00:00:00
db:	NVD	id:	CVE-2014-3323	date:	2024-11-21T02:07:51.990

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-04525	date:	2014-07-23T00:00:00
db:	VULHUB	id:	VHN-71263	date:	2014-07-18T00:00:00
db:	VULMON	id:	CVE-2014-3323	date:	2014-07-18T00:00:00
db:	BID	id:	68686	date:	2014-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-003480	date:	2014-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201407-472	date:	2014-07-24T00:00:00
db:	NVD	id:	CVE-2014-3323	date:	2014-07-18T00:55:04.970