cnvd - cnvd-2015-00609

cnvd-2015-00609

Vulnerability from cnvd

Title

Cisco Unified Communications Manager文件泄露漏洞

Description

Cisco Unified Communications Manager是一款Cisco IP电话解决方案中的呼叫处理组件。 Cisco Unified Communications Manager存在文件泄露漏洞，因为它未能充分过滤用户提供的输入。攻击者可以利用此漏洞获得敏感信息。

Severity

中

Formal description

目前没有详细的解决方案提供： http://www.cisco.com/

Reference

http://www.securityfocus.com/bid/72263 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008

Impacted products

Name
Cisco Unified Communications Manager

Show details on source website

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72263"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8008"
    }
  },
  "description": "Cisco Unified Communications Manager\u662f\u4e00\u6b3eCisco IP\u7535\u8bdd\u89e3\u51b3\u65b9\u6848\u4e2d\u7684\u547c\u53eb\u5904\u7406\u7ec4\u4ef6\u3002 \r\n\r\nCisco Unified Communications Manager\u5b58\u5728\u6587\u4ef6\u6cc4\u9732\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u5b83\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.cisco.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00609",
  "openTime": "2015-01-26",
  "products": {
    "product": "Cisco Unified Communications Manager"
  },
  "referenceLink": "http://www.securityfocus.com/bid/72263\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008",
  "serverity": "\u4e2d",
  "submitTime": "2015-01-23",
  "title": "Cisco Unified Communications Manager\u6587\u4ef6\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2014-8008 (GCVE-0-2014-8008)

Vulnerability from cvelistv5

Published

2015-01-22 11:00

Modified

2024-08-06 13:10

Severity ?

CWE

n/a

Summary

Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

References

URL

Tags

	http://www.securityfocus.com/bid/72263	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1031604	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008	vendor-advisory, x_refsource_CISCO
	https://tools.cisco.com/security/center/viewAlert.x?alertId=37111	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:49.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "72263",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72263"
          },
          {
            "name": "1031604",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031604"
          },
          {
            "name": "20150121 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008"
          },
          {
            "name": "20150126 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T16:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "72263",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72263"
        },
        {
          "name": "1031604",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031604"
        },
        {
          "name": "20150121 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008"
        },
        {
          "name": "20150126 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-8008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "72263",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72263"
            },
            {
              "name": "1031604",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031604"
            },
            {
              "name": "20150121 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008"
            },
            {
              "name": "20150126 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-8008",
    "datePublished": "2015-01-22T11:00:00",
    "dateReserved": "2014-10-08T00:00:00",
    "dateUpdated": "2024-08-06T13:10:49.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.