Sign-up

ID

VAR-201408-0159


CVE

CVE-2014-3336


TITLE

Cisco Unity Connection of Web In the framework SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-003737

DESCRIPTION

SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuq31016. The platform can use voice commands to make calls or listen to messages "hands-free"

Trust: 1.98

sources: NVD: CVE-2014-3336 // JVNDB: JVNDB-2014-003737 // BID: 69163 // VULHUB: VHN-71276

AFFECTED PRODUCTS

vendor:ciscomodel:unity connectionscope:eqversion:9.1\(2\)

Trust: 1.6

vendor:ciscomodel:unity connectionscope:eqversion:9.1\(1\)

Trust: 1.6

vendor:ciscomodel:unity connectionscope:lteversion:9.1(2)

Trust: 0.8

sources: JVNDB: JVNDB-2014-003737 // CNNVD: CNNVD-201408-134 // NVD: CVE-2014-3336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3336
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3336
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201408-134
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71276
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3336
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71276
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71276 // JVNDB: JVNDB-2014-003737 // CNNVD: CNNVD-201408-134 // NVD: CVE-2014-3336

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-71276 // JVNDB: JVNDB-2014-003737 // NVD: CVE-2014-3336

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-134

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201408-134

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003737

PATCH
title:Cisco Unity Connection SQL Injection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3336
Trust: 0.8
title:35228url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35228
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003737

EXTERNAL IDS
db:NVDid:CVE-2014-3336
Trust: 2.8
db:BIDid:69163
Trust: 2.0
db:SECTRACKid:1030704
Trust: 1.1
db:SECUNIAid:59498
Trust: 1.1
db:JVNDBid:JVNDB-2014-003737
Trust: 0.8
db:CNNVDid:CNNVD-201408-134
Trust: 0.7
db:VULHUBid:VHN-71276
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71276 // 
            
            
            
            BID: 69163 // 
            
            
            
            JVNDB: JVNDB-2014-003737 // 
            
            
            
            CNNVD: CNNVD-201408-134 // 
            
            
            
            NVD: CVE-2014-3336

REFERENCES
url:http://www.securityfocus.com/bid/69163
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3336
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=35228
Trust: 1.7
url:http://www.securitytracker.com/id/1030704
Trust: 1.1
url:http://secunia.com/advisories/59498
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95187
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3336
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3336
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71276 // 
            
            
            
            BID: 69163 // 
            
            
            
            JVNDB: JVNDB-2014-003737 // 
            
            
            
            CNNVD: CNNVD-201408-134 // 
            
            
            
            NVD: CVE-2014-3336

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 69163 // 
            
            
            
            CNNVD: CNNVD-201408-134

SOURCES
db:VULHUBid:VHN-71276
db:BIDid:69163
db:JVNDBid:JVNDB-2014-003737
db:CNNVDid:CNNVD-201408-134
db:NVDid:CVE-2014-3336

LAST UPDATE DATE
2024-11-23T22:56:32.893000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71276date:2017-08-29T00:00:00
db:BIDid:69163date:2014-08-12T00:41:00
db:JVNDBid:JVNDB-2014-003737date:2014-08-13T00:00:00
db:CNNVDid:CNNVD-201408-134date:2014-08-12T00:00:00
db:NVDid:CVE-2014-3336date:2024-11-21T02:07:53.450

SOURCES RELEASE DATE
db:VULHUBid:VHN-71276date:2014-08-11T00:00:00
db:BIDid:69163date:2014-08-08T00:00:00
db:JVNDBid:JVNDB-2014-003737date:2014-08-13T00:00:00
db:CNNVDid:CNNVD-201408-134date:2014-08-12T00:00:00
db:NVDid:CVE-2014-3336date:2014-08-11T20:55:07.217