OpenCVE

Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unified Communications Manager

Configuration 1 [-]

cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008
http://www.securityfocus.com/bid/72263
http://www.securitytracker.com/id/1031604
https://tools.cisco.com/security/center/viewAlert.x?alertId=37111

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2015-01-22T11:00:00

Updated: 2024-08-06T13:10:49.451Z

Reserved: 2014-10-08T00:00:00

Link: CVE-2014-8008

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-01-22T14:01:14.913

Modified: 2024-11-21T02:18:25.240

Link: CVE-2014-8008

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-21T00:00:00", "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T16:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "72263", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72263"}, {"name": "1031604", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031604"}, {"name": "20150121 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008"}, {"name": "20150126 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-8008", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "72263", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72263"}, {"name": "1031604", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031604"}, {"name": "20150121 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008"}, {"name": "20150126 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:49.451Z"}, "title": "CVE Program Container", "references": [{"name": "72263", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72263"}, {"name": "1031604", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031604"}, {"name": "20150121 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008"}, {"name": "20150126 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-8008", "datePublished": "2015-01-22T11:00:00", "dateReserved": "2014-10-08T00:00:00", "dateUpdated": "2024-08-06T13:10:49.451Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D51B262-3855-4384-A0EA-FE115D544953", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorio absoluto en la API Real-Time Monitoring Tool (RTMT) en Cisco Unified Communications Manager (CUCM) permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s del nombre de ruta completo en un comando API, tambi\u00e9n conocido como Bug ID CSCur49414."}], "id": "CVE-2014-8008", "lastModified": "2024-11-21T02:18:25.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-22T14:01:14.913", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/72263"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1031604"}, {"source": "ykramarz@cisco.com", "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031604"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}