Sign-up

ID

VAR-201505-0334


CVE

CVE-2014-2174


TITLE

plural Cisco TelePresence In product root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008062

DESCRIPTION

Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651. Vendors have confirmed this vulnerability Bug ID CSCub67651 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy sending packets to the local network by a third party, root By an authorized attacker and physically able to control the device, root You may get permission. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). TC and so on are the terminal software

Trust: 2.07

sources: NVD: CVE-2014-2174 // JVNDB: JVNDB-2014-008062 // BID: 74639 // VULHUB: VHN-70113 // VULMON: CVE-2014-2174

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.1

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.3.0

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.3

Trust: 1.9

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0.2

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.2

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1.2

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.0

Trust: 1.9

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0.1

Trust: 1.9

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0.0

Trust: 1.6

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0_base

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.0

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.2

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.4

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.2

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1.1

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.6

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:3.1.5

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.7

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.3

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.1

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.2

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.5

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.4

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.1

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.4-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1_base

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0_base

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2_base

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.7-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.1-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:3.1_base

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.0-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.2-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.2-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1_base

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.3-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.5-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.0-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.1-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.6-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0_base

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1_base

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:ltversion:7.1

Trust: 0.8

vendor:ciscomodel:telepresence te softwarescope:ltversion:7.1

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.0.1-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.1.2-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:3.1

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.1.1-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:telepresence tc software 5.1.4-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc software 5.0.2-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc software 5.1.3-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.1.0-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:neversion:7.3.2

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2

Trust: 0.3

vendor:ciscomodel:telepresence tc software 5.1.6-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:telepresence tc software 5.1.7-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.0.0-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc software 5.1.5-cucmscope: - version: -

Trust: 0.3

sources: BID: 74639 // JVNDB: JVNDB-2014-008062 // CNNVD: CNNVD-201505-240 // NVD: CVE-2014-2174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2174
value: HIGH

Trust: 1.0

NVD: CVE-2014-2174
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201505-240
value: HIGH

Trust: 0.6

VULHUB: VHN-70113
value: HIGH

Trust: 0.1

VULMON: CVE-2014-2174
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2174
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-70113
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70113 // VULMON: CVE-2014-2174 // JVNDB: JVNDB-2014-008062 // CNNVD: CNNVD-201505-240 // NVD: CVE-2014-2174

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-70113 // JVNDB: JVNDB-2014-008062 // NVD: CVE-2014-2174

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201505-240

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 74639

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008062

PATCH
title:cisco-sa-20150513-tcurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc
Trust: 0.8
title:38719url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38719
Trust: 0.8
title:cisco-sa-20150513-tcurl:http://www.cisco.com/cisco/web/support/JP/112/1129/1129379_cisco-sa-20150513-tc-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-008062

EXTERNAL IDS
db:NVDid:CVE-2014-2174
Trust: 2.9
db:JVNDBid:JVNDB-2014-008062
Trust: 0.8
db:CNNVDid:CNNVD-201505-240
Trust: 0.7
db:SECUNIAid:64495
Trust: 0.6
db:BIDid:74639
Trust: 0.4
db:VULHUBid:VHN-70113
Trust: 0.1
db:VULMONid:CVE-2014-2174
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70113 // 
            
            
            
            VULMON: CVE-2014-2174 // 
            
            
            
            BID: 74639 // 
            
            
            
            JVNDB: JVNDB-2014-008062 // 
            
            
            
            CNNVD: CNNVD-201505-240 // 
            
            
            
            NVD: CVE-2014-2174

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150513-tc
Trust: 2.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2174
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2174
Trust: 0.8
url:http://secunia.com/advisories/64495
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38719
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/284.html
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/cisco-telepresence-cve-2014-2174
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70113 // 
            
            
            
            VULMON: CVE-2014-2174 // 
            
            
            
            BID: 74639 // 
            
            
            
            JVNDB: JVNDB-2014-008062 // 
            
            
            
            CNNVD: CNNVD-201505-240 // 
            
            
            
            NVD: CVE-2014-2174

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74639

SOURCES
db:VULHUBid:VHN-70113
db:VULMONid:CVE-2014-2174
db:BIDid:74639
db:JVNDBid:JVNDB-2014-008062
db:CNNVDid:CNNVD-201505-240
db:NVDid:CVE-2014-2174

LAST UPDATE DATE
2024-11-23T21:54:58.583000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70113date:2015-05-26T00:00:00
db:VULMONid:CVE-2014-2174date:2015-05-26T00:00:00
db:BIDid:74639date:2015-05-13T00:00:00
db:JVNDBid:JVNDB-2014-008062date:2015-05-27T00:00:00
db:CNNVDid:CNNVD-201505-240date:2015-05-25T00:00:00
db:NVDid:CVE-2014-2174date:2024-11-21T02:05:47.530

SOURCES RELEASE DATE
db:VULHUBid:VHN-70113date:2015-05-25T00:00:00
db:VULMONid:CVE-2014-2174date:2015-05-25T00:00:00
db:BIDid:74639date:2015-05-13T00:00:00
db:JVNDBid:JVNDB-2014-008062date:2015-05-27T00:00:00
db:CNNVDid:CNNVD-201505-240date:2015-05-15T00:00:00
db:NVDid:CVE-2014-2174date:2015-05-25T00:59:00.073