Sign-up

ID

VAR-201408-0156


CVE

CVE-2014-3332


TITLE

Cisco Unified Communications Manager Vulnerabilities in establishing undetected simultaneous logins

Trust: 0.8

sources: JVNDB: JVNDB-2014-003735

DESCRIPTION

Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. Vendors have confirmed this vulnerability Bug ID CSCup98029 It is released as.Remotely authenticated users can establish undetected simultaneous logins. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCup98029. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A remote attacker could exploit this vulnerability to log in as an authorized user

Trust: 1.98

sources: NVD: CVE-2014-3332 // JVNDB: JVNDB-2014-003735 // BID: 69068 // VULHUB: VHN-71272

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:lteversion:8.6\(2\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:lteversion:8.6(.2)

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(2\)

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.6

Trust: 0.3

sources: BID: 69068 // JVNDB: JVNDB-2014-003735 // CNNVD: CNNVD-201408-097 // NVD: CVE-2014-3332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3332
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3332
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201408-097
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71272
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3332
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71272
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71272 // JVNDB: JVNDB-2014-003735 // CNNVD: CNNVD-201408-097 // NVD: CVE-2014-3332

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-3332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-097

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201408-097

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003735

PATCH
title:Cisco Unified Communications Manager Concurrent Login Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332
Trust: 0.8
title:35198url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35198
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003735

EXTERNAL IDS
db:NVDid:CVE-2014-3332
Trust: 2.8
db:BIDid:69068
Trust: 2.0
db:SECTRACKid:1030687
Trust: 1.1
db:JVNDBid:JVNDB-2014-003735
Trust: 0.8
db:CNNVDid:CNNVD-201408-097
Trust: 0.7
db:VULHUBid:VHN-71272
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71272 // 
            
            
            
            BID: 69068 // 
            
            
            
            JVNDB: JVNDB-2014-003735 // 
            
            
            
            CNNVD: CNNVD-201408-097 // 
            
            
            
            NVD: CVE-2014-3332

REFERENCES
url:http://www.securityfocus.com/bid/69068
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3332
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=35198
Trust: 1.7
url:http://www.securitytracker.com/id/1030687
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95136
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3332
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3332
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps7060/index.html
Trust: 0.3
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71272 // 
            
            
            
            BID: 69068 // 
            
            
            
            JVNDB: JVNDB-2014-003735 // 
            
            
            
            CNNVD: CNNVD-201408-097 // 
            
            
            
            NVD: CVE-2014-3332

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 69068 // 
            
            
            
            CNNVD: CNNVD-201408-097

SOURCES
db:VULHUBid:VHN-71272
db:BIDid:69068
db:JVNDBid:JVNDB-2014-003735
db:CNNVDid:CNNVD-201408-097
db:NVDid:CVE-2014-3332

LAST UPDATE DATE
2024-11-23T22:35:06.579000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71272date:2017-08-29T00:00:00
db:BIDid:69068date:2014-08-11T00:22:00
db:JVNDBid:JVNDB-2014-003735date:2014-08-13T00:00:00
db:CNNVDid:CNNVD-201408-097date:2014-08-12T00:00:00
db:NVDid:CVE-2014-3332date:2024-11-21T02:07:53.053

SOURCES RELEASE DATE
db:VULHUBid:VHN-71272date:2014-08-11T00:00:00
db:BIDid:69068date:2014-08-06T00:00:00
db:JVNDBid:JVNDB-2014-003735date:2014-08-13T00:00:00
db:CNNVDid:CNNVD-201408-097date:2014-08-08T00:00:00
db:NVDid:CVE-2014-3332date:2014-08-11T20:55:07.107