Lucene search

CiscoCISCO-SA-20140109-CVE-2014-0651

HistoryJan 09, 2014 - 1:11 p.m.

Cisco Context Directory Agent Privilege Escalation Vulnerability

2014-01-0913:11:36

tools.cisco.com

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

EPSS

0.003

Percentile

68.5%

JSON

A vulnerability in the administrative interface of Cisco Context Directory Agent (CDA) could allow an authenticated, remote attacker to perform administrative actions.

The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by accessing an active session. An exploit could allow the attacker to perform administrative actions.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker must authenticate to a targeted device. This access requirement reduces the likelihood of a successful exploit.

Affected configurations

Vulners

Node

ciscocontext_directory_agentMatchany

VendorProductVersionCPE
ciscocontext_directory_agentanycpe:2.3:a:cisco:context_directory_agent:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	context_directory_agent	any	cpe:2.3:a:cisco:context_directory_agent:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140109-CVE-2014-0651

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

EPSS

0.003

Percentile

68.5%

JSON

Related for CISCO-SA-20140109-CVE-2014-0651