cvelistv5 - CVE-2014-2197

CVE-2014-2197 (GCVE-0-2014-2197)

Vulnerability from cvelistv5 – Published: 2014-07-07 10:00 – Updated: 2024-08-06 10:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://secunia.com/advisories/59573	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1030515	vdb-entryx_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://tools.cisco.com/security/center/viewAMBAle…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/68333	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59573",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59573"
          },
          {
            "name": "1030515",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030515"
          },
          {
            "name": "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
          },
          {
            "name": "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
          },
          {
            "name": "68333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-05T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "59573",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59573"
        },
        {
          "name": "1030515",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030515"
        },
        {
          "name": "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
        },
        {
          "name": "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
        },
        {
          "name": "68333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68333"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2197",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59573",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59573"
            },
            {
              "name": "1030515",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030515"
            },
            {
              "name": "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
            },
            {
              "name": "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
            },
            {
              "name": "68333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68333"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-2197",
    "datePublished": "2014-07-07T10:00:00",
    "dateReserved": "2014-02-25T00:00:00",
    "dateUpdated": "2024-08-06T10:06:00.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_cdm_application_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.1\", \"matchCriteriaId\": \"F7756F0A-20F8-41D1-B8C0-266BB643D932\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAC05C99-071F-47E7-A3B6-899488520663\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.\"}, {\"lang\": \"es\", \"value\": \"La interfaz gr\\u00e1fica de usuario (GUI) Administration en el Framework web en Cisco Unified Communications Domain Manager (CDM) en Unified CDM Application Software anterior a 8.1.4 no implementa debidamente el control de acceso, lo que permite a usuarios remotos autenticados modificar las credenciales administrativas a trav\\u00e9s de una URL manipulada, tambi\\u00e9n conocido como Bug ID CSCun49862.\"}]",
      "id": "CVE-2014-2197",
      "lastModified": "2024-11-21T02:05:50.057",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-07-07T11:01:29.337",
      "references": "[{\"url\": \"http://secunia.com/advisories/59573\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securityfocus.com/bid/68333\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1030515\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/59573\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/68333\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1030515\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2197\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-07-07T11:01:29.337\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.\"},{\"lang\":\"es\",\"value\":\"La interfaz gr\u00e1fica de usuario (GUI) Administration en el Framework web en Cisco Unified Communications Domain Manager (CDM) en Unified CDM Application Software anterior a 8.1.4 no implementa debidamente el control de acceso, lo que permite a usuarios remotos autenticados modificar las credenciales administrativas a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCun49862.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_cdm_application_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1\",\"matchCriteriaId\":\"F7756F0A-20F8-41D1-B8C0-266BB643D932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAC05C99-071F-47E7-A3B6-899488520663\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/59573\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securityfocus.com/bid/68333\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1030515\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/59573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/68333\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030515\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2014-AVI-295

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Cisco Unified Communications Domain Manager. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	Unified Communications	Cisco Unified CDM Application Software versions antérieures à 10
	Cisco	Unified Communications	Cisco Unified CDM Platform Software versions antérieures à 4.4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20140702-cucdm du 02 juillet 2014	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20140702-cucdm du 02 juillet 2014	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified CDM Application Software versions ant\u00e9rieures \u00e0 10",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified CDM Platform Software versions ant\u00e9rieures \u00e0 4.4.2",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3300"
    },
    {
      "name": "CVE-2014-2198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2198"
    },
    {
      "name": "CVE-2014-2197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2197"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140702-cucdm du 02    juillet 2014",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
    }
  ],
  "reference": "CERTFR-2014-AVI-295",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-07-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Unified Communications Domain Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Domain Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140702-cucdm du 02 juillet 2014",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-295

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	Unified Communications	Cisco Unified CDM Application Software versions antérieures à 10
	Cisco	Unified Communications	Cisco Unified CDM Platform Software versions antérieures à 4.4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20140702-cucdm du 02 juillet 2014	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20140702-cucdm du 02 juillet 2014	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified CDM Application Software versions ant\u00e9rieures \u00e0 10",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified CDM Platform Software versions ant\u00e9rieures \u00e0 4.4.2",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3300"
    },
    {
      "name": "CVE-2014-2198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2198"
    },
    {
      "name": "CVE-2014-2197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2197"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140702-cucdm du 02    juillet 2014",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
    }
  ],
  "reference": "CERTFR-2014-AVI-295",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-07-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Unified Communications Domain Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Domain Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140702-cucdm du 02 juillet 2014",
      "url": null
    }
  ]
}

VAR-201407-0509

Vulnerability from variot - Updated: 2023-12-18 13:19

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. Vendors report this vulnerability Bug ID CSCun49862 Published as.Crafted by a remotely authenticated user URL Via, the administrator credentials may be changed. An attacker can leverage this issue to escalate privileges and gain administrative access on an affected computer. This issue is being tracked by Cisco Bug ID CSCun49862. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The vulnerability is caused by the incorrect implementation of access control in the program. A remote attacker could exploit this vulnerability by submitting a specially crafted URL to modify administrative credentials

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0509",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified communications domain manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified cdm application software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.1"
      },
      {
        "model": "unified communications domain manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified cdm application software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.1.4"
      },
      {
        "model": "unified cdm application software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "8.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-170"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_cdm_application_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2197"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "68333"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-2197",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2014-2197",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-70136",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2197",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201407-170",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70136",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-170"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. Vendors report this vulnerability Bug ID CSCun49862 Published as.Crafted by a remotely authenticated user URL Via, the administrator credentials may be changed. \nAn attacker can leverage this issue to escalate privileges and gain administrative access on an affected computer. \nThis issue is being tracked by Cisco Bug ID CSCun49862. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The vulnerability is caused by the incorrect implementation of access control in the program. A remote attacker could exploit this vulnerability by submitting a specially crafted URL to modify administrative credentials",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      },
      {
        "db": "BID",
        "id": "68333"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70136"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2197",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "68333",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1030515",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59573",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-170",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-70136",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70136"
      },
      {
        "db": "BID",
        "id": "68333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-170"
      }
    ]
  },
  "id": "VAR-201407-0509",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70136"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:19:57.282000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "34689",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewambalert.x?alertid=34689"
      },
      {
        "title": "cisco-sa-20140702-cucdm",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140702-cucdm"
      },
      {
        "title": "34790",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34790"
      },
      {
        "title": "cisco-sa-20140702-cucdm",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1122/1122753_cisco-sa-20140702-cucdm-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2197"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140702-cucdm"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/68333"
      },
      {
        "trust": 1.1,
        "url": "http://tools.cisco.com/security/center/viewambalert.x?alertid=34689"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030515"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59573"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2197"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2197"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70136"
      },
      {
        "db": "BID",
        "id": "68333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-170"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-70136"
      },
      {
        "db": "BID",
        "id": "68333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-170"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70136"
      },
      {
        "date": "2014-07-02T00:00:00",
        "db": "BID",
        "id": "68333"
      },
      {
        "date": "2014-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      },
      {
        "date": "2014-07-07T11:01:29.337000",
        "db": "NVD",
        "id": "CVE-2014-2197"
      },
      {
        "date": "2014-07-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-170"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70136"
      },
      {
        "date": "2014-07-02T00:00:00",
        "db": "BID",
        "id": "68333"
      },
      {
        "date": "2014-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      },
      {
        "date": "2017-01-07T02:59:45.250000",
        "db": "NVD",
        "id": "CVE-2014-2197"
      },
      {
        "date": "2014-07-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-170"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-170"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified CDM Application Software of  Cisco Unified Communications Domain Manager Vulnerabilities that change administrator credentials",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003225"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-170"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2014-2197

Vulnerability from fkie_nvd - Published: 2014-07-07 11:01 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/59573
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm	Vendor Advisory
psirt@cisco.com	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689
psirt@cisco.com	http://www.securityfocus.com/bid/68333
psirt@cisco.com	http://www.securitytracker.com/id/1030515
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59573
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68333
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030515

Impacted products

	Vendor	Product	Version
	cisco	unified_cdm_application_software	*
	cisco	unified_communications_domain_manager	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_cdm_application_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7756F0A-20F8-41D1-B8C0-266BB643D932",
              "versionEndIncluding": "8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAC05C99-071F-47E7-A3B6-899488520663",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862."
    },
    {
      "lang": "es",
      "value": "La interfaz gr\u00e1fica de usuario (GUI) Administration en el Framework web en Cisco Unified Communications Domain Manager (CDM) en Unified CDM Application Software anterior a 8.1.4 no implementa debidamente el control de acceso, lo que permite a usuarios remotos autenticados modificar las credenciales administrativas a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCun49862."
    }
  ],
  "id": "CVE-2014-2197",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-07T11:01:29.337",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/59573"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/68333"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1030515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030515"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-2197

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-2197

Aliases

CVE-2014-2197

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-2197",
    "description": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.",
    "id": "GSD-2014-2197"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-2197"
      ],
      "details": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.",
      "id": "GSD-2014-2197",
      "modified": "2023-12-13T01:22:46.085093Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-2197",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "59573",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59573"
          },
          {
            "name": "1030515",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030515"
          },
          {
            "name": "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
          },
          {
            "name": "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
          },
          {
            "name": "68333",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/68333"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_cdm_application_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2197"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
            },
            {
              "name": "1030515",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030515"
            },
            {
              "name": "68333",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/68333"
            },
            {
              "name": "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
            },
            {
              "name": "59573",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59573"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-01-07T02:59Z",
      "publishedDate": "2014-07-07T11:01Z"
    }
  }
}

GHSA-674C-6V72-JQ3Q

Vulnerability from github – Published: 2022-05-17 03:06 – Updated: 2022-05-17 03:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2197"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-07-07T11:01:00Z",
    "severity": "HIGH"
  },
  "details": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.",
  "id": "GHSA-674c-6v72-jq3q",
  "modified": "2022-05-17T03:06:13Z",
  "published": "2022-05-17T03:06:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2197"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59573"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/68333"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030515"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-2197 (GCVE-0-2014-2197)

CERTFR-2014-AVI-295

Solution

CERTFR-2014-AVI-295

Solution

VAR-201407-0509

FKIE_CVE-2014-2197

GSD-2014-2197

GHSA-674C-6V72-JQ3Q

Tags

Sightings

Nomenclature