Details of VAR-201412-0291

ID

VAR-201412-0291

CVE

CVE-2014-8006

TITLE

Cisco ISB8320-E High-Definition IP-Only DVR of Disaster Recovery Vulnerabilities that bypass authentication in functions

Trust: 0.8

sources: JVNDB: JVNDB-2014-007267

DESCRIPTION

The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. The Cisco ISB8320-E High-Definition IP-Only DVR is a Cisco HD DVR. Cisco ISB8320-E High-Definition IP-Only DVR has a security vulnerability that could allow an attacker to exploit this vulnerability to bypass certain security restrictions or to perform unauthorized access on an affected device. This issue is tracked by Cisco Bug ID CSCup85422

Trust: 2.52

sources: NVD: CVE-2014-8006 // JVNDB: JVNDB-2014-007267 // CNVD: CNVD-2014-09026 // BID: 71706 // VULHUB: VHN-75951

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-09026

AFFECTED PRODUCTS

vendor:	cisco	model:	isb8320-e high-definition ip-only dvr	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	isb8320-e high-definition ip-only dvr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	isb8320-e high-definition ip-only dvr cscup85422	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	isb8320-e ip only dvr	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-09026 // BID: 71706 // JVNDB: JVNDB-2014-007267 // CNNVD: CNNVD-201412-370 // NVD: CVE-2014-8006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8006
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8006
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-09026
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201412-370
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75951
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8006
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-09026
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-75951
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-09026 // VULHUB: VHN-75951 // JVNDB: JVNDB-2014-007267 // CNNVD: CNNVD-201412-370 // NVD: CVE-2014-8006

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-75951 // JVNDB: JVNDB-2014-007267 // NVD: CVE-2014-8006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-370

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201412-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007267

PATCH

title:	Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8006	Trust: 0.8
title:	36780	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36780	Trust: 0.8

sources: JVNDB: JVNDB-2014-007267

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8006	Trust: 3.4
db:	BID	id:	71706	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-007267	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-370	Trust: 0.7
db:	CNVD	id:	CNVD-2014-09026	Trust: 0.6
db:	VULHUB	id:	VHN-75951	Trust: 0.1

sources: CNVD: CNVD-2014-09026 // VULHUB: VHN-75951 // BID: 71706 // JVNDB: JVNDB-2014-007267 // CNNVD: CNNVD-201412-370 // NVD: CVE-2014-8006

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8006	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8006	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8006	Trust: 0.8
url:	http://www.securityfocus.com/bid/71706	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-09026 // VULHUB: VHN-75951 // BID: 71706 // JVNDB: JVNDB-2014-007267 // CNNVD: CNNVD-201412-370 // NVD: CVE-2014-8006

CREDITS

Cisco

Trust: 0.3

sources: BID: 71706

SOURCES

db:	CNVD	id:	CNVD-2014-09026
db:	VULHUB	id:	VHN-75951
db:	BID	id:	71706
db:	JVNDB	id:	JVNDB-2014-007267
db:	CNNVD	id:	CNNVD-201412-370
db:	NVD	id:	CVE-2014-8006

LAST UPDATE DATE

2025-04-12T23:31:28.920000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-09026	date:	2014-12-22T00:00:00
db:	VULHUB	id:	VHN-75951	date:	2014-12-17T00:00:00
db:	BID	id:	71706	date:	2014-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-007267	date:	2014-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201412-370	date:	2014-12-17T00:00:00
db:	NVD	id:	CVE-2014-8006	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-09026	date:	2014-12-19T00:00:00
db:	VULHUB	id:	VHN-75951	date:	2014-12-17T00:00:00
db:	BID	id:	71706	date:	2014-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-007267	date:	2014-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201412-370	date:	2014-12-17T00:00:00
db:	NVD	id:	CVE-2014-8006	date:	2014-12-17T00:59:02.330