{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-25T00:00:00", "descriptions": [{"lang": "en", "value": "The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-15T16:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045"}, {"name": "20140225 Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742"}, {"name": "1029843", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029843"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-0742", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045"}, {"name": "20140225 Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742"}, {"name": "1029843", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029843"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.473Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045"}, {"name": "20140225 Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742"}, {"name": "1029843", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029843"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-0742", "datePublished": "2014-02-27T01:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2024-08-06T09:27:19.473Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F66EDBF-F735-4E44-B650-39FCE806535A", "versionEndIncluding": "10.0\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*", "matchCriteriaId": "65BB9155-89E5-4D54-AF1B-D5CA38392D5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*", "matchCriteriaId": "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*", "matchCriteriaId": "DFFD96E3-B19F-41B7-86FD-DBFD41382C28", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*", "matchCriteriaId": "0E9BF838-87A2-43B8-975B-524D7F954BF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*", "matchCriteriaId": "9600EA23-5428-4312-A38E-480E3C3228BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*", "matchCriteriaId": "57F5547E-F9C8-4F9C-96A1-563A66EE8D48", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E6C20851-DC17-4E89-A6C1-D1B52D47608F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC830649-C0D4-4FFC-8701-80FB4A706F58", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "935D2815-7146-4125-BDBE-BFAA62A88EC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*", "matchCriteriaId": "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*", "matchCriteriaId": "19432E5E-EA68-4B7A-8B99-DEBACBC3F160", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*", "matchCriteriaId": "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "577571D6-AC59-4A43-B9A5-7B6FC6D2046C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464."}, {"lang": "es", "value": "La implementaci\u00f3n Certificate Authority Proxy Function (CAPF) CLI en la funcionalidad de gesti\u00f3n CSR en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCum95464."}], "id": "CVE-2014-0742", "lastModified": "2015-07-29T17:11:04.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-27T01:55:03.350", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1029843"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}