Details of VAR-201412-0290

ID

VAR-201412-0290

CVE

CVE-2014-8003

TITLE

Cisco Integrated Management Controller 'map-nfs' Command Local Privilege Escalation Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-08649 // BID: 71382

DESCRIPTION

Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. Successful exploits will result in the complete compromise of the affected device. This issue being tracked by Cisco Bug ID CSCup05998. Cisco Integrated Management Controller (IMC) is a set of management tools used for it, which supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. A security vulnerability exists in Cisco UCS 2.2(2c)A and earlier versions of Cisco IMC

Trust: 2.52

sources: NVD: CVE-2014-8003 // JVNDB: JVNDB-2014-005942 // CNVD: CNVD-2014-08649 // BID: 71382 // VULHUB: VHN-75948

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08649

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	lte	version:	2.2\(2c\)a	Trust: 1.0
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	2.2(2c)a	Trust: 0.8
vendor:	cisco	model:	integrated management controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(2c\)a	Trust: 0.6

sources: CNVD: CNVD-2014-08649 // JVNDB: JVNDB-2014-005942 // CNNVD: CNNVD-201412-122 // NVD: CVE-2014-8003

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8003
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8003
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-08649
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201412-122
value:	HIGH
Trust: 0.6
VULHUB:	VHN-75948
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8003
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-08649
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-75948
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-08649 // VULHUB: VHN-75948 // JVNDB: JVNDB-2014-005942 // CNNVD: CNNVD-201412-122 // NVD: CVE-2014-8003

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-75948 // JVNDB: JVNDB-2014-005942 // NVD: CVE-2014-8003

THREAT TYPE

local

Trust: 0.9

sources: BID: 71382 // CNNVD: CNNVD-201412-122

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201412-122

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005942

PATCH

title:	Cisco Integrated Management Controller Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8003	Trust: 0.8
title:	36562	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36562	Trust: 0.8

sources: JVNDB: JVNDB-2014-005942

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8003	Trust: 3.4
db:	BID	id:	71382	Trust: 1.6
db:	JVNDB	id:	JVNDB-2014-005942	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-122	Trust: 0.7
db:	CNVD	id:	CNVD-2014-08649	Trust: 0.6
db:	VULHUB	id:	VHN-75948	Trust: 0.1

sources: CNVD: CNVD-2014-08649 // VULHUB: VHN-75948 // BID: 71382 // JVNDB: JVNDB-2014-005942 // CNNVD: CNNVD-201412-122 // NVD: CVE-2014-8003

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8003	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=36562	Trust: 1.7
url:	http://www.securityfocus.com/bid/71382	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8003	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8003	Trust: 0.8
url:	www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2014-08649 // VULHUB: VHN-75948 // BID: 71382 // JVNDB: JVNDB-2014-005942 // CNNVD: CNNVD-201412-122 // NVD: CVE-2014-8003

CREDITS

Cisco

Trust: 0.9

sources: BID: 71382 // CNNVD: CNNVD-201412-122

SOURCES

db:	CNVD	id:	CNVD-2014-08649
db:	VULHUB	id:	VHN-75948
db:	BID	id:	71382
db:	JVNDB	id:	JVNDB-2014-005942
db:	CNNVD	id:	CNNVD-201412-122
db:	NVD	id:	CVE-2014-8003

LAST UPDATE DATE

2024-11-23T22:45:59.962000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-08649	date:	2014-12-03T00:00:00
db:	VULHUB	id:	VHN-75948	date:	2015-01-24T00:00:00
db:	BID	id:	71382	date:	2014-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2014-005942	date:	2014-12-15T00:00:00
db:	CNNVD	id:	CNNVD-201412-122	date:	2014-12-12T00:00:00
db:	NVD	id:	CVE-2014-8003	date:	2024-11-21T02:18:24.693

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-08649	date:	2014-12-03T00:00:00
db:	VULHUB	id:	VHN-75948	date:	2014-12-10T00:00:00
db:	BID	id:	71382	date:	2014-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2014-005942	date:	2014-12-15T00:00:00
db:	CNNVD	id:	CNNVD-201412-122	date:	2014-12-05T00:00:00
db:	NVD	id:	CVE-2014-8003	date:	2014-12-10T21:59:14.303