Lucene search

CiscoCVE-2014-2198

HistoryJul 07, 2014 - 11:01 a.m.

CVE-2014-2198

2014-07-0711:01:29

CWE-255

cisco

web.nvd.nist.gov

cisco

unified communications

cdm

ssh

remote access

security vulnerability

cve-2014-2198

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.011

Percentile

84.2%

JSON

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130.

Affected configurations

Nvd

Node

ciscounified_cdm_platform_softwareRange≤4.4

ciscounified_communications_domain_managerMatch-

VendorProductVersionCPE
ciscounified_cdm_platform_software*cpe:2.3:a:cisco:unified_cdm_platform_software:*:*:*:*:*:*:*:*
ciscounified_communications_domain_manager-cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_cdm_platform_software	*	cpe:2.3:a:cisco:unified_cdm_platform_software::::::::
cisco	unified_communications_domain_manager	-	cpe:2.3:a:cisco:unified_communications_domain_manager:-:::::::*

References

secunia.com/advisories/59544

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689

www.securityfocus.com/bid/68334

www.securitytracker.com/id/1030515

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.011

Percentile

84.2%

JSON

Related for CVE-2014-2198