Sign-up

ID

VAR-201412-0303


CVE

CVE-2014-8017


TITLE

Cisco Identity Services Engine of periodic-backup In function backup-encryption Password acquisition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007361

DESCRIPTION

The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue being tracked by Cisco Bug ID CSCur41673. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 2.07

sources: NVD: CVE-2014-8017 // JVNDB: JVNDB-2014-007361 // BID: 71767 // VULHUB: VHN-75962 // VULMON: CVE-2014-8017

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-007361 // CNNVD: CNNVD-201412-465 // NVD: CVE-2014-8017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8017
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8017
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-465
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75962
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-8017
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8017
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-75962
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75962 // VULMON: CVE-2014-8017 // JVNDB: JVNDB-2014-007361 // CNNVD: CNNVD-201412-465 // NVD: CVE-2014-8017

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-75962 // JVNDB: JVNDB-2014-007361 // NVD: CVE-2014-8017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-465

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-465

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007361

PATCH
title:Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017
Trust: 0.8
title:Cisco: Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150106-CVE-2014-8017
Trust: 0.1
sources:
            
            
            VULMON: CVE-2014-8017 // 
            
            
            
            JVNDB: JVNDB-2014-007361

EXTERNAL IDS
db:NVDid:CVE-2014-8017
Trust: 2.9
db:BIDid:71767
Trust: 1.5
db:SECTRACKid:1031425
Trust: 1.2
db:JVNDBid:JVNDB-2014-007361
Trust: 0.8
db:CNNVDid:CNNVD-201412-465
Trust: 0.7
db:VULHUBid:VHN-75962
Trust: 0.1
db:VULMONid:CVE-2014-8017
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75962 // 
            
            
            
            VULMON: CVE-2014-8017 // 
            
            
            
            BID: 71767 // 
            
            
            
            JVNDB: JVNDB-2014-007361 // 
            
            
            
            CNNVD: CNNVD-201412-465 // 
            
            
            
            NVD: CVE-2014-8017

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8017
Trust: 1.8
url:http://www.securityfocus.com/bid/71767
Trust: 1.2
url:http://www.securitytracker.com/id/1031425
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8017
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8017
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150106-cve-2014-8017
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75962 // 
            
            
            
            VULMON: CVE-2014-8017 // 
            
            
            
            BID: 71767 // 
            
            
            
            JVNDB: JVNDB-2014-007361 // 
            
            
            
            CNNVD: CNNVD-201412-465 // 
            
            
            
            NVD: CVE-2014-8017

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71767

SOURCES
db:VULHUBid:VHN-75962
db:VULMONid:CVE-2014-8017
db:BIDid:71767
db:JVNDBid:JVNDB-2014-007361
db:CNNVDid:CNNVD-201412-465
db:NVDid:CVE-2014-8017

LAST UPDATE DATE
2024-11-23T22:35:00.919000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75962date:2017-01-03T00:00:00
db:VULMONid:CVE-2014-8017date:2017-01-03T00:00:00
db:BIDid:71767date:2015-01-12T09:03:00
db:JVNDBid:JVNDB-2014-007361date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-465date:2014-12-24T00:00:00
db:NVDid:CVE-2014-8017date:2024-11-21T02:18:26.130

SOURCES RELEASE DATE
db:VULHUBid:VHN-75962date:2014-12-22T00:00:00
db:VULMONid:CVE-2014-8017date:2014-12-22T00:00:00
db:BIDid:71767date:2014-12-22T00:00:00
db:JVNDBid:JVNDB-2014-007361date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-465date:2014-12-23T00:00:00
db:NVDid:CVE-2014-8017date:2014-12-22T19:59:01.287