Details of VAR-201411-0243

ID

VAR-201411-0243

CVE

CVE-2014-7988

TITLE

Cisco Unity Connection of Unified Messaging Service Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-005285

DESCRIPTION

The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. Cisco Unity Connection is a comprehensive IP communications system consisting of voice, video, data and mobile products and applications. Allows an attacker to exploit this vulnerability to view log-sensitive information. Cisco Unity Connection is a set of voice message platform of Cisco (Cisco), which can use voice commands to make calls or listen to messages in a "hands-free" manner

Trust: 2.25

sources: NVD: CVE-2014-7988 // JVNDB: JVNDB-2014-005285 // CNVD: CNVD-2014-08191 // VULHUB: VHN-75933

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08191

AFFECTED PRODUCTS

vendor:	cisco	model:	unity connection	scope:	lte	version:	10.5	Trust: 1.8
vendor:	cisco	model:	unity connection	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.5	Trust: 0.6

sources: CNVD: CNVD-2014-08191 // JVNDB: JVNDB-2014-005285 // CNNVD: CNNVD-201411-107 // NVD: CVE-2014-7988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-7988
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-7988
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-08191
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201411-107
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75933
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-7988
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-08191
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-75933
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-08191 // VULHUB: VHN-75933 // JVNDB: JVNDB-2014-005285 // CNNVD: CNNVD-201411-107 // NVD: CVE-2014-7988

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-75933 // JVNDB: JVNDB-2014-005285 // NVD: CVE-2014-7988

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-107

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201411-107

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005285

PATCH

title:	Cisco Unity Connection Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7988	Trust: 0.8
title:	36340	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36340	Trust: 0.8
title:	Patch for Cisco Unity Connection Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/51763	Trust: 0.6

sources: CNVD: CNVD-2014-08191 // JVNDB: JVNDB-2014-005285

EXTERNAL IDS

db:	NVD	id:	CVE-2014-7988	Trust: 3.1
db:	SECUNIA	id:	62106	Trust: 1.1
db:	SECTRACK	id:	1031177	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-005285	Trust: 0.8
db:	CNVD	id:	CNVD-2014-08191	Trust: 0.6
db:	CNNVD	id:	CNNVD-201411-107	Trust: 0.6
db:	VULHUB	id:	VHN-75933	Trust: 0.1

sources: CNVD: CNVD-2014-08191 // VULHUB: VHN-75933 // JVNDB: JVNDB-2014-005285 // CNNVD: CNNVD-201411-107 // NVD: CVE-2014-7988

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-7988	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=36340	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7988	Trust: 1.4
url:	http://www.securitytracker.com/id/1031177	Trust: 1.1
url:	http://secunia.com/advisories/62106	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/98493	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7988	Trust: 0.8

sources: CNVD: CNVD-2014-08191 // VULHUB: VHN-75933 // JVNDB: JVNDB-2014-005285 // CNNVD: CNNVD-201411-107 // NVD: CVE-2014-7988

SOURCES

db:	CNVD	id:	CNVD-2014-08191
db:	VULHUB	id:	VHN-75933
db:	JVNDB	id:	JVNDB-2014-005285
db:	CNNVD	id:	CNNVD-201411-107
db:	NVD	id:	CVE-2014-7988

LAST UPDATE DATE

2024-11-23T22:38:54.782000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-08191	date:	2014-11-11T00:00:00
db:	VULHUB	id:	VHN-75933	date:	2017-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-005285	date:	2014-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201411-107	date:	2014-11-14T00:00:00
db:	NVD	id:	CVE-2014-7988	date:	2024-11-21T02:18:23.063

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-08191	date:	2014-11-11T00:00:00
db:	VULHUB	id:	VHN-75933	date:	2014-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-005285	date:	2014-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201411-107	date:	2014-11-14T00:00:00
db:	NVD	id:	CVE-2014-7988	date:	2014-11-07T11:55:03.813