CVE-2014-3333 (GCVE-0-2014-3333)
Vulnerability from cvelistv5 – Published: 2014-08-11 20:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-unity-cve20143333-priv-esc(95135)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95135"
},
{
"name": "20140806 Cisco Unity Connection HTTP Intercept Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333"
},
{
"name": "59768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59768"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35200"
},
{
"name": "69074",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69074"
},
{
"name": "1030688",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an \"HTTP Intercept\" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-unity-cve20143333-priv-esc(95135)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95135"
},
{
"name": "20140806 Cisco Unity Connection HTTP Intercept Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333"
},
{
"name": "59768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59768"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35200"
},
{
"name": "69074",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69074"
},
{
"name": "1030688",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an \"HTTP Intercept\" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-unity-cve20143333-priv-esc(95135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95135"
},
{
"name": "20140806 Cisco Unity Connection HTTP Intercept Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333"
},
{
"name": "59768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59768"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35200",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35200"
},
{
"name": "69074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69074"
},
{
"name": "1030688",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3333",
"datePublished": "2014-08-11T20:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unity_connection:9.1\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50CD06E4-0C09-4DD7-B106-56DC680CE333\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unity_connection:9.1\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA2751A8-A3CF-4CC7-A7F2-003165C1AEDB\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an \\\"HTTP Intercept\\\" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.\"}, {\"lang\": \"es\", \"value\": \"El servidor en Cisco Unity Connection 9.1(1) y 9.1(2) permite a usuarios remotos autenticados obtener el acceso privilegiado mediante la realizaci\\u00f3n de un ataque de \u0027intercepci\\u00f3n de HTTP\u0027 y el aprovechamiento de la habilidad de leer ficheros dentro del contexto de la cuenta del usuario del servidor web, tambi\\u00e9n conocido como Bug ID CSCup41014.\"}]",
"id": "CVE-2014-3333",
"lastModified": "2024-11-21T02:07:53.180",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2014-08-11T20:55:07.170",
"references": "[{\"url\": \"http://secunia.com/advisories/59768\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=35200\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/69074\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1030688\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/95135\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/59768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=35200\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/69074\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1030688\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/95135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-3333\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-08-11T20:55:07.170\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an \\\"HTTP Intercept\\\" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.\"},{\"lang\":\"es\",\"value\":\"El servidor en Cisco Unity Connection 9.1(1) y 9.1(2) permite a usuarios remotos autenticados obtener el acceso privilegiado mediante la realizaci\u00f3n de un ataque de \u0027intercepci\u00f3n de HTTP\u0027 y el aprovechamiento de la habilidad de leer ficheros dentro del contexto de la cuenta del usuario del servidor web, tambi\u00e9n conocido como Bug ID CSCup41014.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity_connection:9.1\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50CD06E4-0C09-4DD7-B106-56DC680CE333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity_connection:9.1\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA2751A8-A3CF-4CC7-A7F2-003165C1AEDB\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/59768\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=35200\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/69074\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1030688\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/95135\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/59768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=35200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/69074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/95135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…