Details of VAR-201403-0205

ID

VAR-201403-0205

CVE

CVE-2014-0694

TITLE

Cisco Cloud Portal of Intelligent Automation for Cloud Vulnerability in obtaining plaintext data

Trust: 0.8

sources: JVNDB: JVNDB-2014-001652

DESCRIPTION

Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818. Vendors have confirmed this vulnerability Bug IDs CSCui34764 , CSCui34772 , CSCui34776 , CSCui34798 , CSCui34800 , CSCui34805 , CSCui34809 , CSCui34810 , CSCui34813 , CSCui34814 ,and CSCui34818 It is released as.By using encryption key information by a third party, any IAC There is a possibility that plain text data is obtained from the installation. Cisco Intelligent Automation for Cloud is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. These issues are being tracked by Cisco BugId's CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818. Cisco Cloud Portal is a set of cloud portal solutions for data center services of Cisco

Trust: 1.98

sources: NVD: CVE-2014-0694 // JVNDB: JVNDB-2014-001652 // BID: 66167 // VULHUB: VHN-68187

AFFECTED PRODUCTS

vendor:	cisco	model:	cloud portal	scope:	lte	version:	9.4.1	Trust: 1.8
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3.1	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3.2	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.4	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.4.1	Trust: 0.6

sources: JVNDB: JVNDB-2014-001652 // CNNVD: CNNVD-201403-249 // NVD: CVE-2014-0694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0694
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0694
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201403-249
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68187
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0694
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68187
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68187 // JVNDB: JVNDB-2014-001652 // CNNVD: CNNVD-201403-249 // NVD: CVE-2014-0694

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-68187 // JVNDB: JVNDB-2014-001652 // NVD: CVE-2014-0694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-249

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201403-249

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001652

PATCH

title:	Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0694	Trust: 0.8
title:	33336	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33336	Trust: 0.8

sources: JVNDB: JVNDB-2014-001652

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0694	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001652	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-249	Trust: 0.7
db:	NSFOCUS	id:	26229	Trust: 0.6
db:	CISCO	id:	20140312 CISCO INTELLIGENT AUTOMATION FOR CLOUD CRYPTOGRAPHIC IMPLEMENTATION ISSUES	Trust: 0.6
db:	BID	id:	66167	Trust: 0.4
db:	SEEBUG	id:	SSVID-61797	Trust: 0.1
db:	VULHUB	id:	VHN-68187	Trust: 0.1

sources: VULHUB: VHN-68187 // BID: 66167 // JVNDB: JVNDB-2014-001652 // CNNVD: CNNVD-201403-249 // NVD: CVE-2014-0694

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0694	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33336	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0694	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0694	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/26229	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68187 // BID: 66167 // JVNDB: JVNDB-2014-001652 // CNNVD: CNNVD-201403-249 // NVD: CVE-2014-0694

CREDITS

Cisco

Trust: 0.3

sources: BID: 66167

SOURCES

db:	VULHUB	id:	VHN-68187
db:	BID	id:	66167
db:	JVNDB	id:	JVNDB-2014-001652
db:	CNNVD	id:	CNNVD-201403-249
db:	NVD	id:	CVE-2014-0694

LAST UPDATE DATE

2025-04-13T23:25:29.063000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68187	date:	2014-03-14T00:00:00
db:	BID	id:	66167	date:	2014-03-17T01:05:00
db:	JVNDB	id:	JVNDB-2014-001652	date:	2014-03-17T00:00:00
db:	CNNVD	id:	CNNVD-201403-249	date:	2014-03-18T00:00:00
db:	NVD	id:	CVE-2014-0694	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68187	date:	2014-03-14T00:00:00
db:	BID	id:	66167	date:	2014-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-001652	date:	2014-03-17T00:00:00
db:	CNNVD	id:	CNNVD-201403-249	date:	2014-03-18T00:00:00
db:	NVD	id:	CVE-2014-0694	date:	2014-03-14T10:55:05.723