VAR-201401-0336
Vulnerability from variot - Updated: 2023-12-18 13:49The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. Cisco MediaSense is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc. A permissions and access control vulnerability exists in the Search and Play interfaces of Cisco MediaSense. The vulnerability is caused by the program not properly performing authentication operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mediasense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "mediasense",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1(1)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0672"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "65054"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0672",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0672",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-68165",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0672",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-422",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68165",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. Cisco MediaSense is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc. A permissions and access control vulnerability exists in the Search and Play interfaces of Cisco MediaSense. The vulnerability is caused by the program not properly performing authentication operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "BID",
"id": "65054"
},
{
"db": "VULHUB",
"id": "VHN-68165"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0672",
"trust": 2.8
},
{
"db": "BID",
"id": "65054",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "102342",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1029668",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "56600",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20140121 CISCO MEDIASENSE SEARCH AND PLAY AUTHORIZATION VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-68165",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "BID",
"id": "65054"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"id": "VAR-201401-0336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:49:00.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco MediaSense Search and Play Authorization Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0672"
},
{
"title": "32516",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32516"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0672"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65054"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32516"
},
{
"trust": 1.1,
"url": "http://osvdb.org/102342"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029668"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56600"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90616"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0672"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0672"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "BID",
"id": "65054"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "BID",
"id": "65054"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-68165"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65054"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"date": "2014-01-22T05:22:20.783000",
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-68165"
},
{
"date": "2014-01-24T00:22:00",
"db": "BID",
"id": "65054"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"date": "2017-08-29T01:34:14.903000",
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco MediaSens of Search and Play Vulnerability to download arbitrary records in the interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…