Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0747

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-0747
Last Modified 31 Jul 2015 09:35:28
Published 26 Feb 2014 08:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-0747

Summary

The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.

Vulnerable Systems

Application

  • Cisco Unified Communications Manager 10.0

  • Cisco Unified Communications Manager 10.0%281%29

  • Cisco Unified Communications Manager 3.3%285%29

  • Cisco Unified Communications Manager 3.3%285%29sr1

  • Cisco Unified Communications Manager 3.3%285%29sr2a

  • Cisco Unified Communications Manager 4.1%283%29

  • Cisco Unified Communications Manager 4.1%283%29sr1

  • Cisco Unified Communications Manager 4.1%283%29sr2

  • Cisco Unified Communications Manager 4.1%283%29sr3

  • Cisco Unified Communications Manager 4.1%283%29sr4

  • Cisco Unified Communications Manager 4.2

  • Cisco Unified Communications Manager 4.2.1

  • Cisco Unified Communications Manager 4.2.2

  • Cisco Unified Communications Manager 4.2.3

  • Cisco Unified Communications Manager 4.2.3sr1

  • Cisco Unified Communications Manager 4.2.3sr2

  • Cisco Unified Communications Manager 4.2.3sr2b

  • Cisco Unified Communications Manager 4.3


References

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=33048

CISCO - 20140225 Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability

SECTRACK - 1029843


Last Updated: 27 May 2016 10:55:16