ID

VAR-201410-0992


CVE

CVE-2014-3366


TITLE

SQL injection vulnerability in the Cisco Unified Communications Manager administrative web interface

Trust: 0.8

sources: JVNDB: JVNDB-2014-005160

DESCRIPTION

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. An authenticated attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCup88089. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2014-3366 // JVNDB: JVNDB-2014-005160 // BID: 70855 // VULHUB: VHN-71306

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 9.1(2.10000.28)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2014-005160 // CNNVD: CNNVD-201410-1433 // NVD: CVE-2014-3366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3366
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3366
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201410-1433
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71306
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3366
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71306
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71306 // JVNDB: JVNDB-2014-005160 // CNNVD: CNNVD-201410-1433 // NVD: CVE-2014-3366

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-71306 // JVNDB: JVNDB-2014-005160 // NVD: CVE-2014-3366

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-1433

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201410-1433

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005160

PATCH

title: Cisco Unified Communications Manager SQL Injection Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3366

Trust: 0.8

title: 36293, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=36293

Trust: 0.8

sources: JVNDB: JVNDB-2014-005160

EXTERNAL IDS

db: NVD, id: CVE-2014-3366

Trust: 2.8

db: BID, id: 70855

Trust: 1.4

db: SECTRACK, id: 1031160

Trust: 1.1

db: JVNDB, id: JVNDB-2014-005160

Trust: 0.8

db: CNNVD, id: CNNVD-201410-1433

Trust: 0.7

db: VULHUB, id: VHN-71306

Trust: 0.1

sources: VULHUB: VHN-71306 // BID: 70855 // JVNDB: JVNDB-2014-005160 // CNNVD: CNNVD-201410-1433 // NVD: CVE-2014-3366

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3366

Trust: 1.7

url:http://www.securityfocus.com/bid/70855

Trust: 1.1

url:http://www.securitytracker.com/id/1031160

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98405

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3366

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3366

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-71306 // BID: 70855 // JVNDB: JVNDB-2014-005160 // CNNVD: CNNVD-201410-1433 // NVD: CVE-2014-3366

CREDITS

Cisco

Trust: 0.3

sources: BID: 70855

SOURCES

db: VULHUB, id: VHN-71306
db: BID, id: 70855
db: JVNDB, id: JVNDB-2014-005160
db: CNNVD, id: CNNVD-201410-1433
db: NVD, id: CVE-2014-3366

LAST UPDATE DATE

2024-11-23T22:42:31.982000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71306, date: 2017-08-29T00:00:00
db: BID, id: 70855, date: 2014-10-30T00:00:00
db: JVNDB, id: JVNDB-2014-005160, date: 2014-11-04T00:00:00
db: CNNVD, id: CNNVD-201410-1433, date: 2014-11-02T00:00:00
db: NVD, id: CVE-2014-3366, date: 2024-11-21T02:07:57.117

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71306, date: 2014-10-31T00:00:00
db: BID, id: 70855, date: 2014-10-30T00:00:00
db: JVNDB, id: JVNDB-2014-005160, date: 2014-11-04T00:00:00
db: CNNVD, id: CNNVD-201410-1433, date: 2014-10-31T00:00:00
db: NVD, id: CVE-2014-3366, date: 2014-10-31T10:55:02.033