CVE-2014-0742

The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.

CVSS v2.0 6.2 MEDIUM

6.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:N

Exploitability : 3.1 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=33045	Vendor Advisory
http://www.securitytracker.com/id/1029843

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:10.0:::::::*

History

No history.

Information

Published : 2014-02-27 01:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-0742

Mitre link : CVE-2014-0742

CVE.ORG link : CVE-2014-0742

JSON object : View

Products Affected

cisco

unified_communications_manager

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-0742", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:N", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-27T01:55:03.350", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1029843", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464."}, {"lang": "es", "value": "La implementaci\u00f3n Certificate Authority Proxy Function (CAPF) CLI en la funcionalidad de gesti\u00f3n CSR en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCum95464."}], "lastModified": "2015-07-29T17:11:04.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F66EDBF-F735-4E44-B650-39FCE806535A", "versionEndIncluding": "10.0\\(1\\)"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65BB9155-89E5-4D54-AF1B-D5CA38392D5D"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFFD96E3-B19F-41B7-86FD-DBFD41382C28"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E9BF838-87A2-43B8-975B-524D7F954BF5"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9600EA23-5428-4312-A38E-480E3C3228BF"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57F5547E-F9C8-4F9C-96A1-563A66EE8D48"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C20851-DC17-4E89-A6C1-D1B52D47608F"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC830649-C0D4-4FFC-8701-80FB4A706F58"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "935D2815-7146-4125-BDBE-BFAA62A88EC9"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19432E5E-EA68-4B7A-8B99-DEBACBC3F160"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "577571D6-AC59-4A43-B9A5-7B6FC6D2046C"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}