CVE-2014-3333

{"id": "CVE-2014-3333", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-11T20:55:07.170", "references": [{"url": "http://secunia.com/advisories/59768", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35200", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/69074", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1030688", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95135", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/59768", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35200", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/69074", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1030688", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95135", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an \"HTTP Intercept\" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014."}, {"lang": "es", "value": "El servidor en Cisco Unity Connection 9.1(1) y 9.1(2) permite a usuarios remotos autenticados obtener el acceso privilegiado mediante la realizaci\u00f3n de un ataque de 'intercepci\u00f3n de HTTP' y el aprovechamiento de la habilidad de leer ficheros dentro del contexto de la cuenta del usuario del servidor web, tambi\u00e9n conocido como Bug ID CSCup41014."}], "lastModified": "2024-11-21T02:07:53.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CD06E4-0C09-4DD7-B106-56DC680CE333"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA2751A8-A3CF-4CC7-A7F2-003165C1AEDB"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}