cve-2014-0741
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046"
},
{
"name": "1029843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029843"
},
{
"name": "20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-15T16:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046"
},
{
"name": "1029843",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029843"
},
{
"name": "20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046"
},
{
"name": "1029843",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029843"
},
{
"name": "20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-0741",
"datePublished": "2014-02-27T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.0\\\\(1\\\\)\", \"matchCriteriaId\": \"0F66EDBF-F735-4E44-B650-39FCE806535A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:3.3\\\\(5\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:3.3\\\\(5\\\\)sr1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65BB9155-89E5-4D54-AF1B-D5CA38392D5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:3.3\\\\(5\\\\)sr2a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9BD08CD-9169-4B1E-A6DE-B138E6AB533C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\)sr1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFFD96E3-B19F-41B7-86FD-DBFD41382C28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\)sr2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E9BF838-87A2-43B8-975B-524D7F954BF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\)sr3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9600EA23-5428-4312-A38E-480E3C3228BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\)sr4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57F5547E-F9C8-4F9C-96A1-563A66EE8D48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6C20851-DC17-4E89-A6C1-D1B52D47608F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC830649-C0D4-4FFC-8701-80FB4A706F58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"935D2815-7146-4125-BDBE-BFAA62A88EC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BF54827-75E6-4BA0-84F0-0EC0E24A4A73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C8628E7-D3C8-4212-B0A5-6B5AC14D6101\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19432E5E-EA68-4B7A-8B99-DEBACBC3F160\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"577571D6-AC59-4A43-B9A5-7B6FC6D2046C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad certificate-import en la implementaci\\u00f3n Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a trav\\u00e9s de un comando manipulado, tambi\\u00e9n conocido como Bug ID CSCum95461.\"}]",
"id": "CVE-2014-0741",
"lastModified": "2024-11-21T02:02:43.503",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:S/C:C/I:C/A:N\", \"baseScore\": 6.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.1, \"impactScore\": 9.2, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2014-02-27T01:55:03.320",
"references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=33046\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1029843\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=33046\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1029843\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-0741\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2014-02-27T01:55:03.320\",\"lastModified\":\"2024-11-21T02:02:43.503\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad certificate-import en la implementaci\u00f3n Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a trav\u00e9s de un comando manipulado, tambi\u00e9n conocido como Bug ID CSCum95461.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:C/I:C/A:N\",\"baseScore\":6.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.0\\\\(1\\\\)\",\"matchCriteriaId\":\"0F66EDBF-F735-4E44-B650-39FCE806535A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:3.3\\\\(5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:3.3\\\\(5\\\\)sr1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65BB9155-89E5-4D54-AF1B-D5CA38392D5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:3.3\\\\(5\\\\)sr2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9BD08CD-9169-4B1E-A6DE-B138E6AB533C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\)sr1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFFD96E3-B19F-41B7-86FD-DBFD41382C28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\)sr2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E9BF838-87A2-43B8-975B-524D7F954BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\)sr3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9600EA23-5428-4312-A38E-480E3C3228BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.1\\\\(3\\\\)sr4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57F5547E-F9C8-4F9C-96A1-563A66EE8D48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C20851-DC17-4E89-A6C1-D1B52D47608F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC830649-C0D4-4FFC-8701-80FB4A706F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"935D2815-7146-4125-BDBE-BFAA62A88EC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BF54827-75E6-4BA0-84F0-0EC0E24A4A73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C8628E7-D3C8-4212-B0A5-6B5AC14D6101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19432E5E-EA68-4B7A-8B99-DEBACBC3F160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"577571D6-AC59-4A43-B9A5-7B6FC6D2046C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=33046\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1029843\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=33046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1029843\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.