CVE-2014-0686

Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 1.5 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/102750
http://secunia.com/advisories/56818
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=32683	Vendor Advisory
http://www.securityfocus.com/bid/65281
https://exchange.xforce.ibmcloud.com/vulnerabilities/90852

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager:9.1\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:9.1\(2\):::::::*

History

No history.

Information

Published : 2014-02-04 05:39

Updated : 2023-12-10 11:31

NVD link : CVE-2014-0686

Mitre link : CVE-2014-0686

CVE.ORG link : CVE-2014-0686

JSON object : View

Products Affected

cisco

unified_communications_manager

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-0686", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-04T05:39:08.480", "references": [{"url": "http://osvdb.org/102750", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/56818", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32683", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/65281", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90852", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908."}, {"lang": "es", "value": "Cisco Unified Communications Manager (tambi\u00e9n conocido como Unified CM) 9.1 (2.10000.28) y anteriores permite a usuarios locales obtener privilegios mediante el aprovechamiento de los permisos de fichero no correctos, tambi\u00e9n conocido como Bug IDs CSCul24917 y CSCul24908."}], "lastModified": "2018-01-03T02:29:03.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3719A935-2B3C-49AC-869F-BD31E7BCD44D", "versionEndIncluding": "9.1\\(2.10000.28\\)"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A1D8DBE-095D-4E38-A93B-D05459F7209E"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "471B6E0B-FCD9-4E93-BDEA-0B69B5296960"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}