Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0742

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2014-0742
Last Modified 29 Jul 2015 01:11:04
Published 26 Feb 2014 08:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-0742

Summary

The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.

Vulnerable Systems

Application

  • Cisco Unified Communications Manager 10.0

  • Cisco Unified Communications Manager 10.0%281%29

  • Cisco Unified Communications Manager 3.3%285%29

  • Cisco Unified Communications Manager 3.3%285%29sr1

  • Cisco Unified Communications Manager 3.3%285%29sr2a

  • Cisco Unified Communications Manager 4.1%283%29

  • Cisco Unified Communications Manager 4.1%283%29sr1

  • Cisco Unified Communications Manager 4.1%283%29sr2

  • Cisco Unified Communications Manager 4.1%283%29sr3

  • Cisco Unified Communications Manager 4.1%283%29sr4

  • Cisco Unified Communications Manager 4.2

  • Cisco Unified Communications Manager 4.2.1

  • Cisco Unified Communications Manager 4.2.2

  • Cisco Unified Communications Manager 4.2.3

  • Cisco Unified Communications Manager 4.2.3sr1

  • Cisco Unified Communications Manager 4.2.3sr2

  • Cisco Unified Communications Manager 4.2.3sr2b

  • Cisco Unified Communications Manager 4.3


References

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=33045

CISCO - 20140225 Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability

SECTRACK - 1029843


Last Updated: 27 May 2016 10:55:15