var-201401-0336
Vulnerability from variot
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. Cisco MediaSense is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc. A permissions and access control vulnerability exists in the Search and Play interfaces of Cisco MediaSense. The vulnerability is caused by the program not properly performing authentication operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mediasense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "mediasense",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1(1)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0672"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "65054"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0672",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0672",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-68165",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0672",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-422",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68165",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. Cisco MediaSense is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc. A permissions and access control vulnerability exists in the Search and Play interfaces of Cisco MediaSense. The vulnerability is caused by the program not properly performing authentication operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "BID",
"id": "65054"
},
{
"db": "VULHUB",
"id": "VHN-68165"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0672",
"trust": 2.8
},
{
"db": "BID",
"id": "65054",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "102342",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1029668",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "56600",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20140121 CISCO MEDIASENSE SEARCH AND PLAY AUTHORIZATION VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-68165",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "BID",
"id": "65054"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"id": "VAR-201401-0336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:49:00.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco MediaSense Search and Play Authorization Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0672"
},
{
"title": "32516",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32516"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0672"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65054"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32516"
},
{
"trust": 1.1,
"url": "http://osvdb.org/102342"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029668"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56600"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90616"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0672"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0672"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "BID",
"id": "65054"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-68165"
},
{
"db": "BID",
"id": "65054"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-68165"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65054"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"date": "2014-01-22T05:22:20.783000",
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-68165"
},
{
"date": "2014-01-24T00:22:00",
"db": "BID",
"id": "65054"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001227"
},
{
"date": "2017-08-29T01:34:14.903000",
"db": "NVD",
"id": "CVE-2014-0672"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco MediaSens of Search and Play Vulnerability to download arbitrary records in the interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001227"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-422"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.