Sign-up

ID

VAR-201412-0294


CVE

CVE-2014-8010


TITLE

Cisco Unified Communications Domain Manager of Web Any in the framework OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-006000

DESCRIPTION

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. Vendors report this vulnerability Bug ID CSCuq50205 Published as.By means of a remotely crafted value, OS The command may be executed. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with the privileges of the web server process. This issue is being tracked by Cisco bug ID CSCuq50205. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 2.07

sources: NVD: CVE-2014-8010 // JVNDB: JVNDB-2014-006000 // BID: 71563 // VULHUB: VHN-75955 // VULMON: CVE-2014-8010

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion:8.0

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope:eqversion:8

Trust: 0.8

sources: JVNDB: JVNDB-2014-006000 // CNNVD: CNNVD-201412-219 // NVD: CVE-2014-8010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8010
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8010
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-219
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75955
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-8010
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8010
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-75955
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75955 // VULMON: CVE-2014-8010 // JVNDB: JVNDB-2014-006000 // CNNVD: CNNVD-201412-219 // NVD: CVE-2014-8010

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-75955 // JVNDB: JVNDB-2014-006000 // NVD: CVE-2014-8010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-219

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201412-219

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-006000

PATCH
title:Cisco Unified Communications Domain Manager Blind Command Injection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8010
Trust: 0.8
title:Cisco: Cisco Unified Communications Domain Manager Blind Command Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20141212-CVE-2014-8010
Trust: 0.1
sources:
            
            
            VULMON: CVE-2014-8010 // 
            
            
            
            JVNDB: JVNDB-2014-006000

EXTERNAL IDS
db:NVDid:CVE-2014-8010
Trust: 2.9
db:SECTRACKid:1031339
Trust: 1.2
db:JVNDBid:JVNDB-2014-006000
Trust: 0.8
db:CNNVDid:CNNVD-201412-219
Trust: 0.7
db:BIDid:71563
Trust: 0.5
db:VULHUBid:VHN-75955
Trust: 0.1
db:VULMONid:CVE-2014-8010
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75955 // 
            
            
            
            VULMON: CVE-2014-8010 // 
            
            
            
            BID: 71563 // 
            
            
            
            JVNDB: JVNDB-2014-006000 // 
            
            
            
            CNNVD: CNNVD-201412-219 // 
            
            
            
            NVD: CVE-2014-8010

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8010
Trust: 1.8
url:http://www.securitytracker.com/id/1031339
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8010
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8010
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/71563
Trust: 0.1
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141212-cve-2014-8010
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75955 // 
            
            
            
            VULMON: CVE-2014-8010 // 
            
            
            
            BID: 71563 // 
            
            
            
            JVNDB: JVNDB-2014-006000 // 
            
            
            
            CNNVD: CNNVD-201412-219 // 
            
            
            
            NVD: CVE-2014-8010

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71563

SOURCES
db:VULHUBid:VHN-75955
db:VULMONid:CVE-2014-8010
db:BIDid:71563
db:JVNDBid:JVNDB-2014-006000
db:CNNVDid:CNNVD-201412-219
db:NVDid:CVE-2014-8010

LAST UPDATE DATE
2025-04-12T23:13:11.767000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75955date:2017-01-03T00:00:00
db:VULMONid:CVE-2014-8010date:2017-01-03T00:00:00
db:BIDid:71563date:2014-12-09T00:00:00
db:JVNDBid:JVNDB-2014-006000date:2014-12-25T00:00:00
db:CNNVDid:CNNVD-201412-219date:2014-12-12T00:00:00
db:NVDid:CVE-2014-8010date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-75955date:2014-12-10T00:00:00
db:VULMONid:CVE-2014-8010date:2014-12-10T00:00:00
db:BIDid:71563date:2014-12-09T00:00:00
db:JVNDBid:JVNDB-2014-006000date:2014-12-16T00:00:00
db:CNNVDid:CNNVD-201412-219date:2014-12-12T00:00:00
db:NVDid:CVE-2014-8010date:2014-12-10T21:59:16.290