CVE-2014-0741

The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.

CVSS v2.0 6.2 MEDIUM

6.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:N

Exploitability : 3.1 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=33046	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741	Vendor Advisory
http://www.securitytracker.com/id/1029843

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:4.2.1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:10.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:::::::*

Information

Published : 2014-02-26 17:55

Updated : 2015-07-29 09:16

NVD link : CVE-2014-0741

Mitre link : CVE-2014-0741

JSON object : View

CWE

CWE-310

Cryptographic Issues

Advertisement

Products Affected

cisco

unified_communications_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046", "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741", "name": "20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id/1029843", "name": "1029843", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0741", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:N", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 9.2, "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-27T01:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.0\\(1\\)"}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2015-07-29T16:16Z"}