Details of VAR-201401-0357

ID

VAR-201401-0357

CVE

CVE-2014-0651

TITLE

Cisco Context Directory Agent Vulnerabilities that gain management access in the management interface

Trust: 0.8

sources: JVNDB: JVNDB-2014-001009

DESCRIPTION

The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347. An authenticated attacker can exploit this issue to gain access to services with escalated privileges. This issue is tracked by Cisco Bug ID CSCuj45347. The vulnerability stems from the program's improper implementation of authentication operations. A remote attacker could exploit this vulnerability to perform administrative operations by hijacking a session

Trust: 1.98

sources: NVD: CVE-2014-0651 // JVNDB: JVNDB-2014-001009 // BID: 64706 // VULHUB: VHN-68144

AFFECTED PRODUCTS

vendor:	cisco	model:	context directory agent	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	context directory agent	scope:	eq	version:	1.0	Trust: 0.8

sources: JVNDB: JVNDB-2014-001009 // CNNVD: CNNVD-201401-104 // NVD: CVE-2014-0651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0651
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0651
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201401-104
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68144
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0651
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68144
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68144 // JVNDB: JVNDB-2014-001009 // CNNVD: CNNVD-201401-104 // NVD: CVE-2014-0651

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-68144 // JVNDB: JVNDB-2014-001009 // NVD: CVE-2014-0651

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-104

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-104

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001009

PATCH

title:	Cisco Context Directory Agent Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0651	Trust: 0.8
title:	32364	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32364	Trust: 0.8

sources: JVNDB: JVNDB-2014-001009

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0651	Trust: 2.8
db:	BID	id:	64706	Trust: 1.4
db:	SECTRACK	id:	1029573	Trust: 1.1
db:	SECUNIA	id:	56365	Trust: 1.1
db:	OSVDB	id:	101809	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001009	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-104	Trust: 0.7
db:	CISCO	id:	20140107 CISCO CONTEXT DIRECTORY AGENT PRIVILEGE ESCALATION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-68144	Trust: 0.1

sources: VULHUB: VHN-68144 // BID: 64706 // JVNDB: JVNDB-2014-001009 // CNNVD: CNNVD-201401-104 // NVD: CVE-2014-0651

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0651	Trust: 1.7
url:	http://www.securityfocus.com/bid/64706	Trust: 1.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32364	Trust: 1.1
url:	http://osvdb.org/101809	Trust: 1.1
url:	http://www.securitytracker.com/id/1029573	Trust: 1.1
url:	http://secunia.com/advisories/56365	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90166	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0651	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0651	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68144 // BID: 64706 // JVNDB: JVNDB-2014-001009 // CNNVD: CNNVD-201401-104 // NVD: CVE-2014-0651

CREDITS

Cisco

Trust: 0.3

sources: BID: 64706

SOURCES

db:	VULHUB	id:	VHN-68144
db:	BID	id:	64706
db:	JVNDB	id:	JVNDB-2014-001009
db:	CNNVD	id:	CNNVD-201401-104
db:	NVD	id:	CVE-2014-0651

LAST UPDATE DATE

2025-04-11T22:53:07.608000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68144	date:	2017-08-29T00:00:00
db:	BID	id:	64706	date:	2014-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001009	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-104	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2014-0651	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68144	date:	2014-01-08T00:00:00
db:	BID	id:	64706	date:	2014-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001009	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-104	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2014-0651	date:	2014-01-08T21:55:06.223