VAR-201404-0559
Vulnerability from variot - Updated: 2023-12-18 14:01The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. This issue is being tracked by Cisco Bug ID CSCun74133. Document Management is one of the document management applications. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to upload any to any pathname
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0559",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified contact center express editor software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified contact center enterprise",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "unified contact center express",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified contact center express editor software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.0(1)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002264"
},
{
"db": "NVD",
"id": "CVE-2014-2180"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-565"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express_editor_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2180"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "67102"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2180",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-2180",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-70119",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2180",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-565",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70119",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-2180",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70119"
},
{
"db": "VULMON",
"id": "CVE-2014-2180"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002264"
},
{
"db": "NVD",
"id": "CVE-2014-2180"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-565"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133. \nAn attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. \nThis issue is being tracked by Cisco Bug ID CSCun74133. Document Management is one of the document management applications. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to upload any to any pathname",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2180"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002264"
},
{
"db": "BID",
"id": "67102"
},
{
"db": "VULHUB",
"id": "VHN-70119"
},
{
"db": "VULMON",
"id": "CVE-2014-2180"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2180",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002264",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-565",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20140428 CISCO UNIFIED CONTACT CENTER EXPRESS ARBITRARY FILE UPLOAD VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "67102",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-70119",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-2180",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70119"
},
{
"db": "VULMON",
"id": "CVE-2014-2180"
},
{
"db": "BID",
"id": "67102"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002264"
},
{
"db": "NVD",
"id": "CVE-2014-2180"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-565"
}
]
},
"id": "VAR-201404-0559",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-70119"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:01:58.465000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2180"
},
{
"title": "33989",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33989"
},
{
"title": "Cisco: Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20140429-cve-2014-2180"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-2180"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002264"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70119"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002264"
},
{
"db": "NVD",
"id": "CVE-2014-2180"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2180"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2180"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2180"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140429-cve-2014-2180"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70119"
},
{
"db": "VULMON",
"id": "CVE-2014-2180"
},
{
"db": "BID",
"id": "67102"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002264"
},
{
"db": "NVD",
"id": "CVE-2014-2180"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-565"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-70119"
},
{
"db": "VULMON",
"id": "CVE-2014-2180"
},
{
"db": "BID",
"id": "67102"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002264"
},
{
"db": "NVD",
"id": "CVE-2014-2180"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-565"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-70119"
},
{
"date": "2014-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2180"
},
{
"date": "2014-04-28T00:00:00",
"db": "BID",
"id": "67102"
},
{
"date": "2014-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002264"
},
{
"date": "2014-04-29T10:37:03.967000",
"db": "NVD",
"id": "CVE-2014-2180"
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-565"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-70119"
},
{
"date": "2014-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2180"
},
{
"date": "2014-05-02T00:50:00",
"db": "BID",
"id": "67102"
},
{
"date": "2014-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002264"
},
{
"date": "2014-04-29T15:42:38.457000",
"db": "NVD",
"id": "CVE-2014-2180"
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-565"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-565"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Contact Center Express of Document Management Component upload vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002264"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-565"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…