Details of VAR-201411-0244

ID

VAR-201411-0244

CVE

CVE-2014-7989

TITLE

Cisco Unified Computing System B Vulnerability in which shell privileges are acquired on a series blade server

Trust: 0.8

sources: JVNDB: JVNDB-2014-005286

DESCRIPTION

Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. Local attackers can exploit these issues to execute arbitrary commands with root privileges. This issue is being tracked by Cisco Bug ID CSCuq38176

Trust: 1.98

sources: NVD: CVE-2014-7989 // JVNDB: JVNDB-2014-005286 // BID: 70969 // VULHUB: VHN-75934

AFFECTED PRODUCTS

vendor:	cisco	model:	b230 m2	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	b440 m2	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	b460 m4	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	b260 m4	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	b22 m3	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	b200 m3	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	b200 m4	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	b420 m3	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	ucs b200 m3 blade server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs b200 m4 blade server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs b22 m3 blade server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs b230 m2 blade server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs b260 m4 blade server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs b420 m3 blade server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs b440 m2 high performance blade server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs b460 m4 blade server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	eq	version:	2.2	Trust: 0.8

sources: JVNDB: JVNDB-2014-005286 // CNNVD: CNNVD-201411-108 // NVD: CVE-2014-7989

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-7989
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-7989
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201411-108
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75934
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-7989
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-75934
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-75934 // JVNDB: JVNDB-2014-005286 // CNNVD: CNNVD-201411-108 // NVD: CVE-2014-7989

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-75934 // JVNDB: JVNDB-2014-005286 // NVD: CVE-2014-7989

THREAT TYPE

local

Trust: 0.9

sources: BID: 70969 // CNNVD: CNNVD-201411-108

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201411-108

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005286

PATCH

title:	Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7989	Trust: 0.8
title:	36350	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36350	Trust: 0.8

sources: JVNDB: JVNDB-2014-005286

EXTERNAL IDS

db:	NVD	id:	CVE-2014-7989	Trust: 2.8
db:	BID	id:	70969	Trust: 1.4
db:	SECTRACK	id:	1031178	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-005286	Trust: 0.8
db:	CNNVD	id:	CNNVD-201411-108	Trust: 0.7
db:	VULHUB	id:	VHN-75934	Trust: 0.1

sources: VULHUB: VHN-75934 // BID: 70969 // JVNDB: JVNDB-2014-005286 // CNNVD: CNNVD-201411-108 // NVD: CVE-2014-7989

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-7989	Trust: 1.7
url:	http://www.securityfocus.com/bid/70969	Trust: 1.1
url:	http://www.securitytracker.com/id/1031178	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/98530	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7989	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7989	Trust: 0.8
url:	www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-75934 // BID: 70969 // JVNDB: JVNDB-2014-005286 // CNNVD: CNNVD-201411-108 // NVD: CVE-2014-7989

CREDITS

Cisco

Trust: 0.3

sources: BID: 70969

SOURCES

db:	VULHUB	id:	VHN-75934
db:	BID	id:	70969
db:	JVNDB	id:	JVNDB-2014-005286
db:	CNNVD	id:	CNNVD-201411-108
db:	NVD	id:	CVE-2014-7989

LAST UPDATE DATE

2025-04-13T23:29:40.807000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-75934	date:	2017-09-08T00:00:00
db:	BID	id:	70969	date:	2014-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-005286	date:	2014-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201411-108	date:	2014-11-14T00:00:00
db:	NVD	id:	CVE-2014-7989	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-75934	date:	2014-11-07T00:00:00
db:	BID	id:	70969	date:	2014-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-005286	date:	2014-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201411-108	date:	2014-11-14T00:00:00
db:	NVD	id:	CVE-2014-7989	date:	2014-11-07T11:55:03.860