CVE-2014-0747

The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=33048	Vendor Advisory
http://www.securitytracker.com/id/1029843

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:10.0:::::::*

History

No history.

Information

Published : 2014-02-27 01:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-0747

Mitre link : CVE-2014-0747

CVE.ORG link : CVE-2014-0747

JSON object : View

Products Affected

cisco

unified_communications_manager

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-0747", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-27T01:55:03.447", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33048", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1029843", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493."}, {"lang": "es", "value": "La implementaci\u00f3n Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales inyectar comandos a trav\u00e9s de programas CAPF no especificados, tambi\u00e9n conocido como Bug ID CSCum95493."}], "lastModified": "2015-08-01T01:35:28.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F66EDBF-F735-4E44-B650-39FCE806535A", "versionEndIncluding": "10.0\\(1\\)"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65BB9155-89E5-4D54-AF1B-D5CA38392D5D"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFFD96E3-B19F-41B7-86FD-DBFD41382C28"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E9BF838-87A2-43B8-975B-524D7F954BF5"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9600EA23-5428-4312-A38E-480E3C3228BF"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57F5547E-F9C8-4F9C-96A1-563A66EE8D48"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C20851-DC17-4E89-A6C1-D1B52D47608F"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC830649-C0D4-4FFC-8701-80FB4A706F58"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "935D2815-7146-4125-BDBE-BFAA62A88EC9"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19432E5E-EA68-4B7A-8B99-DEBACBC3F160"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "577571D6-AC59-4A43-B9A5-7B6FC6D2046C"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}