Details of VAR-201405-0345

ID

VAR-201405-0345

CVE

CVE-2014-3272

TITLE

Dillon Kane Tidal Workload Automation Agent Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004141

DESCRIPTION

The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. Dillon Kane Tidal Workload Automation Agent ( Old Cisco Workload Automation Or CWA) Contains a command injection vulnerability. This vulnerability CVE-2014-3272 This is due to an incomplete fix for.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Tidal Enterprise Scheduler (TES) Agents have an exploitable vulnerability. A local attacker can exploit this issue to gain escalated privileges. This issue is being tracked by Cisco Bug ID CSCuo33074. The solution simplifies the way enterprise-wide job scheduling and automated business processes are defined, managed and delivered

Trust: 2.7

sources: NVD: CVE-2014-3272 // JVNDB: JVNDB-2019-004141 // JVNDB: JVNDB-2014-002647 // BID: 67561 // VULHUB: VHN-71212

AFFECTED PRODUCTS

vendor:	cisco	model:	tidal enterprise scheduler	scope:	lte	version:	6.1	Trust: 1.8
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	3.0.0	Trust: 1.6
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	5.3.1	Trust: 1.6
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	5.2.2	Trust: 1.6
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	5.3.0	Trust: 1.6
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	6.0.1	Trust: 1.6
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	6.0.2	Trust: 1.6
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	3.0.1	Trust: 1.6
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	6.0.3	Trust: 1.6
vendor:	dillon kane group	model:	tidal workload automation agent	scope:	eq	version:	3.2.0.5	Trust: 0.8
vendor:	cisco	model:	tidal enterprise scheduler	scope:	eq	version:	6.1	Trust: 0.6

sources: JVNDB: JVNDB-2019-004141 // JVNDB: JVNDB-2014-002647 // CNNVD: CNNVD-201405-473 // NVD: CVE-2014-3272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3272
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3272
value:	HIGH
Trust: 0.8
NVD:	CVE-2014-3272
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-473
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71212
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3272
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2014-3272
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-71212
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:	CVE-2014-3272
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-71212 // JVNDB: JVNDB-2019-004141 // JVNDB: JVNDB-2014-002647 // CNNVD: CNNVD-201405-473 // NVD: CVE-2014-3272

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-77	Trust: 0.8

sources: VULHUB: VHN-71212 // JVNDB: JVNDB-2019-004141 // JVNDB: JVNDB-2014-002647 // NVD: CVE-2014-3272

THREAT TYPE

local

Trust: 0.9

sources: BID: 67561 // CNNVD: CNNVD-201405-473

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-473

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004141

PATCH

title:	Top Page	url:	https://www.tidalautomation.com/	Trust: 0.8
title:	Cisco Tidal Enterprise Scheduler Agent Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3272	Trust: 0.8
title:	34339	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34339	Trust: 0.8

sources: JVNDB: JVNDB-2019-004141 // JVNDB: JVNDB-2014-002647

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3272	Trust: 3.6
db:	SECTRACK	id:	1030275	Trust: 1.1
db:	SECUNIA	id:	58922	Trust: 1.1
db:	JVNDB	id:	JVNDB-2019-004141	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-002647	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-473	Trust: 0.7
db:	CISCO	id:	20140521 CISCO TIDAL ENTERPRISE SCHEDULER AGENT PRIVILEGE ESCALATION VULNERABILITY	Trust: 0.6
db:	BID	id:	67561	Trust: 0.4
db:	VULHUB	id:	VHN-71212	Trust: 0.1

sources: VULHUB: VHN-71212 // BID: 67561 // JVNDB: JVNDB-2019-004141 // JVNDB: JVNDB-2014-002647 // CNNVD: CNNVD-201405-473 // NVD: CVE-2014-3272

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3272	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34339	Trust: 1.7
url:	http://www.securitytracker.com/id/1030275	Trust: 1.1
url:	http://secunia.com/advisories/58922	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6689	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6689	Trust: 0.8
url:	https://ashsecurity.wordpress.com/2019/04/25/an-improper-cisco-fix-for-cve-2014-3272/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3272	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3272	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-71212 // BID: 67561 // JVNDB: JVNDB-2019-004141 // JVNDB: JVNDB-2014-002647 // CNNVD: CNNVD-201405-473 // NVD: CVE-2014-3272

CREDITS

Cisco

Trust: 0.3

sources: BID: 67561

SOURCES

db:	VULHUB	id:	VHN-71212
db:	BID	id:	67561
db:	JVNDB	id:	JVNDB-2019-004141
db:	JVNDB	id:	JVNDB-2014-002647
db:	CNNVD	id:	CNNVD-201405-473
db:	NVD	id:	CVE-2014-3272

LAST UPDATE DATE

2025-04-13T23:01:43.614000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71212	date:	2016-09-07T00:00:00
db:	BID	id:	67561	date:	2014-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-004141	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-002647	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-473	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-3272	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71212	date:	2014-05-26T00:00:00
db:	BID	id:	67561	date:	2014-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-004141	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-002647	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-473	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-3272	date:	2014-05-26T00:25:31.360