| Vulnerability Name: | CVE-2014-0686 (CCN-90852) | ||||||||
| Assigned: | 2014-01-31 | ||||||||
| Published: | 2014-01-31 | ||||||||
| Updated: | 2018-01-03 | ||||||||
| Summary: | Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. | ||||||||
| CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C) 4.5 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
4.5 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-0686 Source: OSVDB Type: UNKNOWN 102750 Source: CCN Type: SA56818 Cisco Unified Communications Manager CLI Security Bypass Security Issue Source: SECUNIA Type: UNKNOWN 56818 Source: CCN Type: Cisco Security Notice Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability Source: CISCO Type: Vendor Advisory 20140131 Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=32683 Source: BID Type: UNKNOWN 65281 Source: CCN Type: BID-65281 Cisco Unified Communications Manager CVE-2014-0686 Local Privilege Escalation Vulnerability Source: XF Type: UNKNOWN cisco-ucm-cve20140686-priv-esc(90852) Source: XF Type: UNKNOWN cisco-ucm-cve20140686-priv-esc(90852) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||