Vulnerability Name:

CVE-2014-2198 (CCN-94227)

Assigned:2014-07-02
Published:2014-07-02
Updated:2017-01-07
Summary:Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-255
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2014-2198

Source: SECUNIA
Type: UNKNOWN
59544

Source: CCN
Type: cisco-sa-20140702-cucdm
Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Source: CISCO
Type: Vendor Advisory
20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Source: CISCO
Type: UNKNOWN
20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Source: BID
Type: UNKNOWN
68334

Source: CCN
Type: BID-68334
Cisco Unified Communications Domain Manager CVE-2014-2198 Unauthorized Access Vulnerability

Source: SECTRACK
Type: UNKNOWN
1030515

Source: XF
Type: UNKNOWN
cisco-ucdm-cve20142198-priv-esc(94227)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:unified_cdm_platform_software:*:*:*:*:*:*:*:* (Version <= 4.4)
  • OR cpe:/a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco unified cdm platform software *
    cisco unified communications domain manager -