Details of VAR-201408-0157

ID

VAR-201408-0157

CVE

CVE-2014-3333

TITLE

Cisco Unity Connection Vulnerability in Privileged Access Rights Obtained on Servers

Trust: 0.8

sources: JVNDB: JVNDB-2014-003736

DESCRIPTION

The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014. Cisco Unity Connection The server contains a vulnerability that allows privileged access. This issue is being tracked by Cisco Bug ID CSCup41014. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free"

Trust: 1.98

sources: NVD: CVE-2014-3333 // JVNDB: JVNDB-2014-003736 // BID: 69074 // VULHUB: VHN-71273

AFFECTED PRODUCTS

vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(2\)	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(1\)	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(1)	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(2)	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	eq	version:	0	Trust: 0.3

sources: BID: 69074 // JVNDB: JVNDB-2014-003736 // CNNVD: CNNVD-201408-121 // NVD: CVE-2014-3333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3333
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3333
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201408-121
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-71273
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3333
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71273
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71273 // JVNDB: JVNDB-2014-003736 // CNNVD: CNNVD-201408-121 // NVD: CVE-2014-3333

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-71273 // JVNDB: JVNDB-2014-003736 // NVD: CVE-2014-3333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-121

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201408-121

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003736

PATCH

title:	Cisco Unity Connection HTTP Intercept Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333	Trust: 0.8
title:	35200	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35200	Trust: 0.8

sources: JVNDB: JVNDB-2014-003736

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3333	Trust: 2.8
db:	SECUNIA	id:	59768	Trust: 1.7
db:	BID	id:	69074	Trust: 1.4
db:	SECTRACK	id:	1030688	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003736	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-121	Trust: 0.7
db:	VULHUB	id:	VHN-71273	Trust: 0.1

sources: VULHUB: VHN-71273 // BID: 69074 // JVNDB: JVNDB-2014-003736 // CNNVD: CNNVD-201408-121 // NVD: CVE-2014-3333

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3333	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35200	Trust: 1.7
url:	http://secunia.com/advisories/59768	Trust: 1.7
url:	http://www.securityfocus.com/bid/69074	Trust: 1.1
url:	http://www.securitytracker.com/id/1030688	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95135	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3333	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3333	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6509/index.html	Trust: 0.3

sources: VULHUB: VHN-71273 // BID: 69074 // JVNDB: JVNDB-2014-003736 // CNNVD: CNNVD-201408-121 // NVD: CVE-2014-3333

CREDITS

Cisco

Trust: 0.3

sources: BID: 69074

SOURCES

db:	VULHUB	id:	VHN-71273
db:	BID	id:	69074
db:	JVNDB	id:	JVNDB-2014-003736
db:	CNNVD	id:	CNNVD-201408-121
db:	NVD	id:	CVE-2014-3333

LAST UPDATE DATE

2024-11-23T22:31:17.321000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71273	date:	2017-08-29T00:00:00
db:	BID	id:	69074	date:	2014-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-003736	date:	2014-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201408-121	date:	2014-08-12T00:00:00
db:	NVD	id:	CVE-2014-3333	date:	2024-11-21T02:07:53.180

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71273	date:	2014-08-11T00:00:00
db:	BID	id:	69074	date:	2014-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-003736	date:	2014-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201408-121	date:	2014-08-11T00:00:00
db:	NVD	id:	CVE-2014-3333	date:	2014-08-11T20:55:07.170