CVE-2014-0686 — Cisco Unified Communications Manager vulnerability

CWE-2645 documents5 sources

Severity

6.0MEDIUMNVD

EPSS

0.1%

top 79.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedFeb 4

Latest updateMay 14

Description

Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.5 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/unified_communications_manager9.1\(2.10000.28\)+2

🔴Vulnerability Details

GHSA

GHSA-7v4h-325x-vg9c: Cisco Unified Communications Manager (aka Unified CM) 9↗2022-05-14

▶

CVEList

CVE-2014-0686: Cisco Unified Communications Manager (aka Unified CM) 9↗2014-02-04

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability↗2014-02-03

▶

💬Community

Bugzilla

CVE-2014-0186 tomcat7: RHEL-7 regression causing DoS↗2014-04-22

▶