CVE-2014-0741
First published: Thu Feb 27 2014(Updated: )
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | <=10.0\(1\) | |
| Cisco Unified Communications Manager | =3.3\(5\) | |
| Cisco Unified Communications Manager | =3.3\(5\)sr1 | |
| Cisco Unified Communications Manager | =3.3\(5\)sr2a | |
| Cisco Unified Communications Manager | =4.1\(3\) | |
| Cisco Unified Communications Manager | =4.1\(3\)sr1 | |
| Cisco Unified Communications Manager | =4.1\(3\)sr2 | |
| Cisco Unified Communications Manager | =4.1\(3\)sr3 | |
| Cisco Unified Communications Manager | =4.1\(3\)sr4 | |
| Cisco Unified Communications Manager | =4.2 | |
| Cisco Unified Communications Manager | =4.2.1 | |
| Cisco Unified Communications Manager | =4.2.2 | |
| Cisco Unified Communications Manager | =4.2.3 | |
| Cisco Unified Communications Manager | =4.2.3sr1 | |
| Cisco Unified Communications Manager | =4.2.3sr2 | |
| Cisco Unified Communications Manager | =4.2.3sr2b | |
| Cisco Unified Communications Manager | =4.3 | |
| Cisco Unified Communications Manager | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-0741?
CVE-2014-0741 has a medium severity rating due to the potential for local users to read or modify arbitrary files.
How do I fix CVE-2014-0741?
To fix CVE-2014-0741, upgrade your Cisco Unified Communications Manager to a version later than 10.0(1).
Who is affected by CVE-2014-0741?
CVE-2014-0741 affects users of Cisco Unified Communications Manager versions 10.0(1) and earlier.
What impact does CVE-2014-0741 have?
CVE-2014-0741 allows local users to potentially access or modify sensitive files on affected systems.
Is there a workaround for CVE-2014-0741?
There are no known workarounds for CVE-2014-0741 other than applying the necessary software updates.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/10.0\(1\)
- version/cisco unified communications manager/3.3\(5\)
- version/cisco unified communications manager/3.3\(5\)sr1
- version/cisco unified communications manager/3.3\(5\)sr2a
- version/cisco unified communications manager/4.1\(3\)
- version/cisco unified communications manager/4.1\(3\)sr1
- version/cisco unified communications manager/4.1\(3\)sr2
- version/cisco unified communications manager/4.1\(3\)sr3
- version/cisco unified communications manager/4.1\(3\)sr4
- version/cisco unified communications manager/4.2
- version/cisco unified communications manager/4.2.1
- version/cisco unified communications manager/4.2.2
- version/cisco unified communications manager/4.2.3
- version/cisco unified communications manager/4.2.3sr1
- version/cisco unified communications manager/4.2.3sr2
- version/cisco unified communications manager/4.2.3sr2b
- version/cisco unified communications manager/4.3
- version/cisco unified communications manager/10.0