Lucene search

[email protected]CVE-2014-2198

HistoryJul 07, 2014 - 11:01 a.m.

CVE-2014-2198

2014-07-0711:01:00

CWE-255

[email protected]

web.nvd.nist.gov

cisco

unified communications

cdm

ssh

remote access

security vulnerability

cve-2014-2198

nvd

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.1%

JSON

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130.

CPENameOperatorVersion
cisco:unified_communications_domain_managercisco unified communications domain managereq-
cisco:unified_cdm_platform_softwarecisco unified cdm platform softwarele4.4

CPE	Name	Operator	Version
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	-
cisco:unified_cdm_platform_software	cisco unified cdm platform software	le	4.4

References

secunia.com/advisories/59544

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689

www.securityfocus.com/bid/68334

www.securitytracker.com/id/1030515

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.1%

JSON

Related for CVE-2014-2198

prion1 cvelist1 securityvulns1 cisco1