Sign-up

ID

VAR-201412-0293


CVE

CVE-2014-8009


TITLE

Cisco Unified Computing System of Management Vulnerabilities that can capture important information in subsystems

Trust: 0.8

sources: JVNDB: JVNDB-2014-005943

DESCRIPTION

The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. Vendors have confirmed this vulnerability Bug ID CSCur99239 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlIf a third party reads the log file, important information may be obtained. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2014-8009 // JVNDB: JVNDB-2014-005943 // BID: 71465 // VULHUB: VHN-75954

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:lteversion:2.1\(3f\)

Trust: 1.0

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.1(3f)

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:2.1\(3f\)

Trust: 0.6

sources: JVNDB: JVNDB-2014-005943 // CNNVD: CNNVD-201412-082 // NVD: CVE-2014-8009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8009
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8009
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-082
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75954
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8009
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75954
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75954 // JVNDB: JVNDB-2014-005943 // CNNVD: CNNVD-201412-082 // NVD: CVE-2014-8009

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-75954 // JVNDB: JVNDB-2014-005943 // NVD: CVE-2014-8009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-082

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-082

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005943

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-75954

PATCH
title:Cisco Unified Computing System Manager Information Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8009
Trust: 0.8
title:36640url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36640
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-005943

EXTERNAL IDS
db:NVDid:CVE-2014-8009
Trust: 2.8
db:JVNDBid:JVNDB-2014-005943
Trust: 0.8
db:CNNVDid:CNNVD-201412-082
Trust: 0.7
db:SECUNIAid:60603
Trust: 0.6
db:BIDid:71465
Trust: 0.4
db:PACKETSTORMid:130971
Trust: 0.1
db:VULHUBid:VHN-75954
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75954 // 
            
            
            
            BID: 71465 // 
            
            
            
            JVNDB: JVNDB-2014-005943 // 
            
            
            
            CNNVD: CNNVD-201412-082 // 
            
            
            
            NVD: CVE-2014-8009

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8009
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=36640
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8009
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8009
Trust: 0.8
url:http://secunia.com/advisories/60603
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75954 // 
            
            
            
            BID: 71465 // 
            
            
            
            JVNDB: JVNDB-2014-005943 // 
            
            
            
            CNNVD: CNNVD-201412-082 // 
            
            
            
            NVD: CVE-2014-8009

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71465

SOURCES
db:VULHUBid:VHN-75954
db:BIDid:71465
db:JVNDBid:JVNDB-2014-005943
db:CNNVDid:CNNVD-201412-082
db:NVDid:CVE-2014-8009

LAST UPDATE DATE
2024-11-23T23:12:44.559000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75954date:2015-01-24T00:00:00
db:BIDid:71465date:2014-12-10T00:55:00
db:JVNDBid:JVNDB-2014-005943date:2014-12-15T00:00:00
db:CNNVDid:CNNVD-201412-082date:2014-12-12T00:00:00
db:NVDid:CVE-2014-8009date:2024-11-21T02:18:25.353

SOURCES RELEASE DATE
db:VULHUBid:VHN-75954date:2014-12-10T00:00:00
db:BIDid:71465date:2014-12-03T00:00:00
db:JVNDBid:JVNDB-2014-005943date:2014-12-15T00:00:00
db:CNNVDid:CNNVD-201412-082date:2014-12-05T00:00:00
db:NVDid:CVE-2014-8009date:2014-12-10T21:59:15.337