Lucene search

CiscoCVE-2014-3333

HistoryAug 11, 2014 - 8:55 p.m.

CVE-2014-3333

2014-08-1120:55:07

CWE-264

cisco

web.nvd.nist.gov

cisco

unity connection

server

vulnerability

cisco unity connection 9.1

bug id cscup41014

cve-2014-3333

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

71.9%

JSON

The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an “HTTP Intercept” attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.

Affected configurations

Nvd

Node

ciscounity_connectionMatch9.1\(1\)

ciscounity_connectionMatch9.1\(2\)

VendorProductVersionCPE
ciscounity_connection9.1(1)cpe:2.3:a:cisco:unity_connection:9.1\(1\):*:*:*:*:*:*:*
ciscounity_connection9.1(2)cpe:2.3:a:cisco:unity_connection:9.1\(2\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unity_connection	9.1(1)	cpe:2.3:a:cisco:unity_connection:9.1\(1\):::::::*
cisco	unity_connection	9.1(2)	cpe:2.3:a:cisco:unity_connection:9.1\(2\):::::::*

References

secunia.com/advisories/59768

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333

tools.cisco.com/security/center/viewAlert.x?alertId=35200

www.securityfocus.com/bid/69074

www.securitytracker.com/id/1030688

exchange.xforce.ibmcloud.com/vulnerabilities/95135

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

71.9%

JSON

Related for CVE-2014-3333