CVE-2014-0686

Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 1.5 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=32683	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/90852
http://www.securityfocus.com/bid/65281
http://secunia.com/advisories/56818
http://osvdb.org/102750

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:9.1\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager:9.1\(2\):::::::*

Information

Published : 2014-02-03 21:39

Updated : 2018-01-02 18:29

NVD link : CVE-2014-0686

Mitre link : CVE-2014-0686

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

cisco

unified_communications_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32683", "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32683", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686", "name": "20140131 Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90852", "name": "cisco-ucm-cve20140686-priv-esc(90852)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/bid/65281", "name": "65281", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/56818", "name": "56818", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/102750", "name": "102750", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0686", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.0, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-04T05:39Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.1\\(2.10000.28\\)"}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-01-03T02:29Z"}

6.0 /10