VAR-201405-0345
Vulnerability from variot - Updated: 2023-12-18 13:08The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. Dillon Kane Tidal Workload Automation Agent ( Old Cisco Workload Automation Or CWA) Contains a command injection vulnerability. This vulnerability CVE-2014-3272 This is due to an incomplete fix for.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Tidal Enterprise Scheduler (TES) Agents have an exploitable vulnerability. A local attacker can exploit this issue to gain escalated privileges. This issue is being tracked by Cisco Bug ID CSCuo33074. The solution simplifies the way enterprise-wide job scheduling and automated business processes are defined, managed and delivered
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tidal enterprise scheduler",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.3.0"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.3.1"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.2"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.3"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0.1"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.2.2"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0.0"
},
{
"model": "tidal workload automation agent",
"scope": "eq",
"trust": 0.8,
"vendor": "dillon kane group",
"version": "3.2.0.5"
},
{
"model": "tidal enterprise scheduler",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002647"
},
{
"db": "NVD",
"id": "CVE-2014-3272"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-473"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3272"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "67561"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-3272",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-3272",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "VHN-71212",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2014-3272",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3272",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3272",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-473",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71212",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71212"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002647"
},
{
"db": "NVD",
"id": "CVE-2014-3272"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-473"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. Dillon Kane Tidal Workload Automation Agent ( Old Cisco Workload Automation Or CWA) Contains a command injection vulnerability. This vulnerability CVE-2014-3272 This is due to an incomplete fix for.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Tidal Enterprise Scheduler (TES) Agents have an exploitable vulnerability. \nA local attacker can exploit this issue to gain escalated privileges. \nThis issue is being tracked by Cisco Bug ID CSCuo33074. The solution simplifies the way enterprise-wide job scheduling and automated business processes are defined, managed and delivered",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3272"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002647"
},
{
"db": "BID",
"id": "67561"
},
{
"db": "VULHUB",
"id": "VHN-71212"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3272",
"trust": 3.6
},
{
"db": "SECTRACK",
"id": "1030275",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58922",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004141",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002647",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201405-473",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20140521 CISCO TIDAL ENTERPRISE SCHEDULER AGENT PRIVILEGE ESCALATION VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "67561",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-71212",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71212"
},
{
"db": "BID",
"id": "67561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002647"
},
{
"db": "NVD",
"id": "CVE-2014-3272"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-473"
}
]
},
"id": "VAR-201405-0345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71212"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:08:06.751000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.tidalautomation.com/"
},
{
"title": "Cisco Tidal Enterprise Scheduler Agent Privilege Escalation Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3272"
},
{
"title": "34339",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34339"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002647"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-77",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71212"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002647"
},
{
"db": "NVD",
"id": "CVE-2014-3272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3272"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34339"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030275"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58922"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6689"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6689"
},
{
"trust": 0.8,
"url": "https://ashsecurity.wordpress.com/2019/04/25/an-improper-cisco-fix-for-cve-2014-3272/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3272"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3272"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71212"
},
{
"db": "BID",
"id": "67561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002647"
},
{
"db": "NVD",
"id": "CVE-2014-3272"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-473"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71212"
},
{
"db": "BID",
"id": "67561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002647"
},
{
"db": "NVD",
"id": "CVE-2014-3272"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-473"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-71212"
},
{
"date": "2014-05-21T00:00:00",
"db": "BID",
"id": "67561"
},
{
"date": "2019-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"date": "2014-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002647"
},
{
"date": "2014-05-26T00:25:31.360000",
"db": "NVD",
"id": "CVE-2014-3272"
},
{
"date": "2014-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-473"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-71212"
},
{
"date": "2014-05-21T00:00:00",
"db": "BID",
"id": "67561"
},
{
"date": "2019-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004141"
},
{
"date": "2014-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002647"
},
{
"date": "2016-09-07T16:58:29.020000",
"db": "NVD",
"id": "CVE-2014-3272"
},
{
"date": "2014-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-473"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "67561"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-473"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dillon Kane Tidal Workload Automation Agent Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004141"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-473"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…