Details of VAR-201205-0021

ID

VAR-201205-0021

CVE

CVE-2011-4014

TITLE

Cisco WCS of TAC Case Attachment Vulnerability in reading arbitrary files in the tool

Trust: 0.8

sources: JVNDB: JVNDB-2012-002222

DESCRIPTION

The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. The problem is Bug ID CSCtq86807 It is a problem.By a remotely authenticated user webnms/Temp/ Any subordinate file may be read. An attacker can exploit this issue to view arbitrary files in the context of the affected application. This may aid in further attacks. Cisco Wireless Control System (WCS) 7.0 through versions prior to 7.0.230.0 are vulnerable. This issue is being tracked by Cisco Bug ID CSCtq86807

Trust: 2.07

sources: NVD: CVE-2011-4014 // JVNDB: JVNDB-2012-002222 // BID: 55126 // VULHUB: VHN-51959 // VULMON: CVE-2011-4014

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless control system software	scope:	eq	version:	7.0.220.0	Trust: 1.6
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	7.0.172.0	Trust: 1.6
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	7.0.164.3	Trust: 1.6
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	7.0.230.0	Trust: 1.6
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	7.0.164.0	Trust: 1.6
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	7.0	Trust: 0.8
vendor:	cisco	model:	wireless control system	scope:	eq	version:	7.0.164	Trust: 0.3
vendor:	cisco	model:	wireless control system	scope:	eq	version:	7.0.163	Trust: 0.3

sources: BID: 55126 // JVNDB: JVNDB-2012-002222 // CNNVD: CNNVD-201205-044 // NVD: CVE-2011-4014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4014
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4014
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201205-044
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-51959
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2011-4014
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4014
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-51959
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51959 // VULMON: CVE-2011-4014 // JVNDB: JVNDB-2012-002222 // CNNVD: CNNVD-201205-044 // NVD: CVE-2011-4014

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-51959 // JVNDB: JVNDB-2012-002222 // NVD: CVE-2011-4014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-044

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201205-044

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002222

PATCH

title:

Release Notes for Cisco Wireless Control System for Windows or Linux, Release 7.0.230.0

url:

http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html

Trust: 0.8

sources: JVNDB: JVNDB-2012-002222

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4014	Trust: 2.9
db:	SECTRACK	id:	1027011	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-002222	Trust: 0.8
db:	CNNVD	id:	CNNVD-201205-044	Trust: 0.7
db:	BID	id:	55126	Trust: 0.5
db:	VULHUB	id:	VHN-51959	Trust: 0.1
db:	VULMON	id:	CVE-2011-4014	Trust: 0.1

sources: VULHUB: VHN-51959 // VULMON: CVE-2011-4014 // BID: 55126 // JVNDB: JVNDB-2012-002222 // CNNVD: CNNVD-201205-044 // NVD: CVE-2011-4014

REFERENCES

url:	http://www.cisco.com/en/us/docs/wireless/wcs/release/notes/wcs_rn7_0_230.html	Trust: 1.8
url:	http://www.securitytracker.com/id?1027011	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4014	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4014	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6305/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/55126	Trust: 0.1

sources: VULHUB: VHN-51959 // VULMON: CVE-2011-4014 // BID: 55126 // JVNDB: JVNDB-2012-002222 // CNNVD: CNNVD-201205-044 // NVD: CVE-2011-4014

CREDITS

Reported by vendor.

Trust: 0.3

sources: BID: 55126

SOURCES

db:	VULHUB	id:	VHN-51959
db:	VULMON	id:	CVE-2011-4014
db:	BID	id:	55126
db:	JVNDB	id:	JVNDB-2012-002222
db:	CNNVD	id:	CNNVD-201205-044
db:	NVD	id:	CVE-2011-4014

LAST UPDATE DATE

2025-04-11T23:09:58.576000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-51959	date:	2012-08-19T00:00:00
db:	VULMON	id:	CVE-2011-4014	date:	2012-08-19T00:00:00
db:	BID	id:	55126	date:	2015-03-19T08:12:00
db:	JVNDB	id:	JVNDB-2012-002222	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-044	date:	2012-05-03T00:00:00
db:	NVD	id:	CVE-2011-4014	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-51959	date:	2012-05-02T00:00:00
db:	VULMON	id:	CVE-2011-4014	date:	2012-05-02T00:00:00
db:	BID	id:	55126	date:	2012-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2012-002222	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-044	date:	2012-05-03T00:00:00
db:	NVD	id:	CVE-2011-4014	date:	2012-05-02T10:09:21.753