NVD Vulnerability Detail

CVE-2014-0747

Summary	The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
Publication Date	Feb. 27, 2014, 10:55 a.m.
Registration Date	Jan. 26, 2021, 3:05 p.m.
Last Update	Nov. 21, 2024, 11:02 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:::::::*
cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:::::::*
cpe:2.3:a:cisco:unified_communications_manager:10.0:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.3:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.1:::::::*
cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.2:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:::::::*
cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:::::::*
cpe:2.3:a:cisco:unified_communications_manager::::::::		10.0\(1\)

Related information, measures and tools

No	URL	タグ
1	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747	Vendor Advisory
2	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747	Vendor Advisory
3	http://tools.cisco.com/security/center/viewAlert.x?alertId=33048	Vendor Advisory
4	http://tools.cisco.com/security/center/viewAlert.x?alertId=33048	Vendor Advisory
5	http://www.securitytracker.com/id/1029843
6	http://www.securitytracker.com/id/1029843

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

Cisco Unified Communications Manager の Certificate Authority Proxy Function の CLI 実装におけるコマンドを挿入される脆弱性

Title	Cisco Unified Communications Manager の Certificate Authority Proxy Function の CLI 実装におけるコマンドを挿入される脆弱性
Summary	Cisco Unified Communications Manager (Unified CM) の Certificate Authority Proxy Function (CAPF) の CLI 実装には、コマンドを挿入される脆弱性が存在します。ベンダは、本脆弱性を Bug ID CSCum95493 として公開しています。
Possible impacts	ローカルユーザにより、不特定の CAPF プログラムを介して、コマンドを挿入される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 26, 2014, midnight
Registration Date	Feb. 28, 2014, 6:43 p.m.
Last Update	Feb. 28, 2014, 6:43 p.m.

Affected System

シスコシステムズ

Cisco Unified Communications Manager 10.0(1) およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0747	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0747
National Vulnerability Database (NVD)
2	CVE-2014-0747	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0747

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Cisco Security Notice
1	Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747
Vulnerability Alert
2	33048	http://tools.cisco.com/security/center/viewAlert.x?alertId=33048

Change Log

No	Changed Details	Date of change
0	[2014年02月28日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:::::::*
cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:::::::*
cpe:2.3:a:cisco:unified_communications_manager:10.0:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.3:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.1:::::::*
cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.2:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:::::::*
cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:::::::*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:::::::*
cpe:2.3:a:cisco:unified_communications_manager::::::::		10.0\(1\)