CVE-2014-0686

Published Feb 4, 2014

Last updated a month ago

CVSS info 6.0

Overview

Description: Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.
Source: psirt@cisco.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 10
Exploitability score: 1.5
Vector string: AV:L/AC:H/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3719A935-2B3C-49AC-869F-BD31E7BCD44D",
            "versionEndIncluding": "9.1\\(2.10000.28\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A1D8DBE-095D-4E38-A93B-D05459F7209E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "471B6E0B-FCD9-4E93-BDEA-0B69B5296960"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References