Lucene search

CiscoCVE-2014-3272

HistoryMay 26, 2014 - 12:25 a.m.

CVE-2014-3272

2014-05-2600:25:31

CWE-20

cisco

web.nvd.nist.gov

cisco

tidal enterprise scheduler

tes 6.1

privilege escalation

local users

crafted parameters

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074.

Affected configurations

Nvd

Node

ciscotidal_enterprise_schedulerRange≤6.1

ciscotidal_enterprise_schedulerMatch3.0.0

ciscotidal_enterprise_schedulerMatch3.0.1

ciscotidal_enterprise_schedulerMatch5.2.2

ciscotidal_enterprise_schedulerMatch5.3.0

ciscotidal_enterprise_schedulerMatch5.3.1

ciscotidal_enterprise_schedulerMatch6.0.0

ciscotidal_enterprise_schedulerMatch6.0.1

ciscotidal_enterprise_schedulerMatch6.0.2

ciscotidal_enterprise_schedulerMatch6.0.3

VendorProductVersionCPE
ciscotidal_enterprise_scheduler*cpe:2.3:a:cisco:tidal_enterprise_scheduler:*:*:*:*:*:*:*:*
ciscotidal_enterprise_scheduler3.0.0cpe:2.3:a:cisco:tidal_enterprise_scheduler:3.0.0:*:*:*:*:*:*:*
ciscotidal_enterprise_scheduler3.0.1cpe:2.3:a:cisco:tidal_enterprise_scheduler:3.0.1:*:*:*:*:*:*:*
ciscotidal_enterprise_scheduler5.2.2cpe:2.3:a:cisco:tidal_enterprise_scheduler:5.2.2:*:*:*:*:*:*:*
ciscotidal_enterprise_scheduler5.3.0cpe:2.3:a:cisco:tidal_enterprise_scheduler:5.3.0:*:*:*:*:*:*:*
ciscotidal_enterprise_scheduler5.3.1cpe:2.3:a:cisco:tidal_enterprise_scheduler:5.3.1:*:*:*:*:*:*:*
ciscotidal_enterprise_scheduler6.0.0cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.0:*:*:*:*:*:*:*
ciscotidal_enterprise_scheduler6.0.1cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.1:*:*:*:*:*:*:*
ciscotidal_enterprise_scheduler6.0.2cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.2:*:*:*:*:*:*:*
ciscotidal_enterprise_scheduler6.0.3cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	tidal_enterprise_scheduler	*	cpe:2.3:a:cisco:tidal_enterprise_scheduler::::::::
cisco	tidal_enterprise_scheduler	3.0.0	cpe:2.3:a:cisco:tidal_enterprise_scheduler:3.0.0:::::::*
cisco	tidal_enterprise_scheduler	3.0.1	cpe:2.3:a:cisco:tidal_enterprise_scheduler:3.0.1:::::::*
cisco	tidal_enterprise_scheduler	5.2.2	cpe:2.3:a:cisco:tidal_enterprise_scheduler:5.2.2:::::::*
cisco	tidal_enterprise_scheduler	5.3.0	cpe:2.3:a:cisco:tidal_enterprise_scheduler:5.3.0:::::::*
cisco	tidal_enterprise_scheduler	5.3.1	cpe:2.3:a:cisco:tidal_enterprise_scheduler:5.3.1:::::::*
cisco	tidal_enterprise_scheduler	6.0.0	cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.0:::::::*
cisco	tidal_enterprise_scheduler	6.0.1	cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.1:::::::*
cisco	tidal_enterprise_scheduler	6.0.2	cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.2:::::::*
cisco	tidal_enterprise_scheduler	6.0.3	cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.0.3:::::::*

References

secunia.com/advisories/58922

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3272

tools.cisco.com/security/center/viewAlert.x?alertId=34339

www.securitytracker.com/id/1030275

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-3272