Details of VAR-201501-0325

ID

VAR-201501-0325

CVE

CVE-2014-8008

TITLE

Cisco Unified Communications Manager of Real-Time Monitoring Tool API Vulnerable to absolute path traversal

Trust: 0.8

sources: JVNDB: JVNDB-2014-007786

DESCRIPTION

Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. An attacker can exploit this issue to gain access to sensitive information stored in arbitrary files, that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCur49414. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 2.07

sources: NVD: CVE-2014-8008 // JVNDB: JVNDB-2014-007786 // BID: 72263 // VULHUB: VHN-75953 // VULMON: CVE-2014-8008

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	9.1(.2)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 0.3

sources: BID: 72263 // JVNDB: JVNDB-2014-007786 // CNNVD: CNNVD-201501-554 // NVD: CVE-2014-8008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8008
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8008
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201501-554
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75953
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-8008
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8008
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-75953
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-75953 // VULMON: CVE-2014-8008 // JVNDB: JVNDB-2014-007786 // CNNVD: CNNVD-201501-554 // NVD: CVE-2014-8008

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-75953 // JVNDB: JVNDB-2014-007786 // NVD: CVE-2014-8008

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-554

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201501-554

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007786

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-75953 // VULMON: CVE-2014-8008

PATCH

title:	Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008	Trust: 0.8
title:	37111	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37111	Trust: 0.8

sources: JVNDB: JVNDB-2014-007786

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8008	Trust: 2.9
db:	BID	id:	72263	Trust: 1.5
db:	SECTRACK	id:	1031604	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-007786	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-554	Trust: 0.7
db:	EXPLOIT-DB	id:	37816	Trust: 0.2
db:	VULHUB	id:	VHN-75953	Trust: 0.1
db:	VULMON	id:	CVE-2014-8008	Trust: 0.1

sources: VULHUB: VHN-75953 // VULMON: CVE-2014-8008 // BID: 72263 // JVNDB: JVNDB-2014-007786 // CNNVD: CNNVD-201501-554 // NVD: CVE-2014-8008

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8008	Trust: 1.8
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=37111	Trust: 1.3
url:	http://www.securityfocus.com/bid/72263	Trust: 1.2
url:	http://www.securitytracker.com/id/1031604	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8008	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8008	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps7060/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/37816/	Trust: 0.1

sources: VULHUB: VHN-75953 // VULMON: CVE-2014-8008 // BID: 72263 // JVNDB: JVNDB-2014-007786 // CNNVD: CNNVD-201501-554 // NVD: CVE-2014-8008

CREDITS

Cisco

Trust: 0.3

sources: BID: 72263

SOURCES

db:	VULHUB	id:	VHN-75953
db:	VULMON	id:	CVE-2014-8008
db:	BID	id:	72263
db:	JVNDB	id:	JVNDB-2014-007786
db:	CNNVD	id:	CNNVD-201501-554
db:	NVD	id:	CVE-2014-8008

LAST UPDATE DATE

2024-11-23T19:30:08.551000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-75953	date:	2017-01-03T00:00:00
db:	VULMON	id:	CVE-2014-8008	date:	2017-01-03T00:00:00
db:	BID	id:	72263	date:	2015-03-08T16:01:00
db:	JVNDB	id:	JVNDB-2014-007786	date:	2015-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201501-554	date:	2015-01-27T00:00:00
db:	NVD	id:	CVE-2014-8008	date:	2024-11-21T02:18:25.240

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-75953	date:	2015-01-22T00:00:00
db:	VULMON	id:	CVE-2014-8008	date:	2015-01-22T00:00:00
db:	BID	id:	72263	date:	2015-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-007786	date:	2015-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201501-554	date:	2015-01-23T00:00:00
db:	NVD	id:	CVE-2014-8008	date:	2015-01-22T14:01:14.913