Details of VAR-201407-0509

ID

VAR-201407-0509

CVE

CVE-2014-2197

TITLE

Cisco Unified CDM Application Software of Cisco Unified Communications Domain Manager Vulnerabilities that change administrator credentials

Trust: 0.8

sources: JVNDB: JVNDB-2014-003225

DESCRIPTION

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. Vendors report this vulnerability Bug ID CSCun49862 Published as.Crafted by a remotely authenticated user URL Via, the administrator credentials may be changed. An attacker can leverage this issue to escalate privileges and gain administrative access on an affected computer. This issue is being tracked by Cisco Bug ID CSCun49862. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The vulnerability is caused by the incorrect implementation of access control in the program. A remote attacker could exploit this vulnerability by submitting a specially crafted URL to modify administrative credentials

Trust: 1.98

sources: NVD: CVE-2014-2197 // JVNDB: JVNDB-2014-003225 // BID: 68333 // VULHUB: VHN-70136

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified cdm application software	scope:	lte	version:	8.1	Trust: 1.0
vendor:	cisco	model:	unified communications domain manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified cdm application software	scope:	lt	version:	8.1.4	Trust: 0.8
vendor:	cisco	model:	unified cdm application software	scope:	eq	version:	8.1	Trust: 0.6

sources: JVNDB: JVNDB-2014-003225 // CNNVD: CNNVD-201407-170 // NVD: CVE-2014-2197

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2197
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2197
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201407-170
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-70136
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2197
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70136
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70136 // JVNDB: JVNDB-2014-003225 // CNNVD: CNNVD-201407-170 // NVD: CVE-2014-2197

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-70136 // JVNDB: JVNDB-2014-003225 // NVD: CVE-2014-2197

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-170

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201407-170

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003225

PATCH

title:	34689	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689	Trust: 0.8
title:	cisco-sa-20140702-cucdm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm	Trust: 0.8
title:	34790	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34790	Trust: 0.8
title:	cisco-sa-20140702-cucdm	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122753_cisco-sa-20140702-cucdm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-003225

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2197	Trust: 2.8
db:	BID	id:	68333	Trust: 1.4
db:	SECTRACK	id:	1030515	Trust: 1.1
db:	SECUNIA	id:	59573	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003225	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-170	Trust: 0.7
db:	VULHUB	id:	VHN-70136	Trust: 0.1

sources: VULHUB: VHN-70136 // BID: 68333 // JVNDB: JVNDB-2014-003225 // CNNVD: CNNVD-201407-170 // NVD: CVE-2014-2197

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140702-cucdm	Trust: 1.7
url:	http://www.securityfocus.com/bid/68333	Trust: 1.1
url:	http://tools.cisco.com/security/center/viewambalert.x?alertid=34689	Trust: 1.1
url:	http://www.securitytracker.com/id/1030515	Trust: 1.1
url:	http://secunia.com/advisories/59573	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2197	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2197	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-70136 // BID: 68333 // JVNDB: JVNDB-2014-003225 // CNNVD: CNNVD-201407-170 // NVD: CVE-2014-2197

CREDITS

Cisco

Trust: 0.3

sources: BID: 68333

SOURCES

db:	VULHUB	id:	VHN-70136
db:	BID	id:	68333
db:	JVNDB	id:	JVNDB-2014-003225
db:	CNNVD	id:	CNNVD-201407-170
db:	NVD	id:	CVE-2014-2197

LAST UPDATE DATE

2025-04-13T23:04:57.025000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70136	date:	2017-01-07T00:00:00
db:	BID	id:	68333	date:	2014-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-003225	date:	2014-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201407-170	date:	2014-07-08T00:00:00
db:	NVD	id:	CVE-2014-2197	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70136	date:	2014-07-07T00:00:00
db:	BID	id:	68333	date:	2014-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-003225	date:	2014-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201407-170	date:	2014-07-08T00:00:00
db:	NVD	id:	CVE-2014-2197	date:	2014-07-07T11:01:29.337