Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0741

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2014-0741
Last Modified 29 Jul 2015 12:16:36
Published 26 Feb 2014 08:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-0741

Summary

The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.

Vulnerable Systems

Application

  • Cisco Unified Communications Manager 10.0

  • Cisco Unified Communications Manager 10.0%281%29

  • Cisco Unified Communications Manager 3.3%285%29

  • Cisco Unified Communications Manager 3.3%285%29sr1

  • Cisco Unified Communications Manager 3.3%285%29sr2a

  • Cisco Unified Communications Manager 4.1%283%29

  • Cisco Unified Communications Manager 4.1%283%29sr1

  • Cisco Unified Communications Manager 4.1%283%29sr2

  • Cisco Unified Communications Manager 4.1%283%29sr3

  • Cisco Unified Communications Manager 4.1%283%29sr4

  • Cisco Unified Communications Manager 4.2

  • Cisco Unified Communications Manager 4.2.1

  • Cisco Unified Communications Manager 4.2.2

  • Cisco Unified Communications Manager 4.2.3

  • Cisco Unified Communications Manager 4.2.3sr1

  • Cisco Unified Communications Manager 4.2.3sr2

  • Cisco Unified Communications Manager 4.2.3sr2b

  • Cisco Unified Communications Manager 4.3


References

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=33046

CISCO - 20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability

SECTRACK - 1029843


Last Updated: 27 May 2016 10:55:15