CVE-2014-8000 - Vulnerability Details - OpenCVE

ReportizFlow

Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unified Communications Manager Im And Presence Service

Configuration 1 [-]

cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:9.1\(1\):*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/62558
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000
http://tools.cisco.com/security/center/viewAlert.x?alertId=36467
http://www.securityfocus.com/bid/71173
http://www.securitytracker.com/id/1031240
https://exchange.xforce.ibmcloud.com/vulnerabilities/98786

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2014-11-21T02:00:00

Updated: 2024-08-06T13:10:49.453Z

Reserved: 2014-10-08T00:00:00

Link: CVE-2014-8000

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-11-21T02:59:05.630

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-8000

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-19T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467"}, {"name": "20141119 Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000"}, {"name": "62558", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62558"}, {"name": "71173", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71173"}, {"name": "1031240", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031240"}, {"name": "cisco-ucm-cve20148000-info-disc(98786)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98786"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2014-8000", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467"}, {"name": "20141119 Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000"}, {"name": "62558", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62558"}, {"name": "71173", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71173"}, {"name": "1031240", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031240"}, {"name": "cisco-ucm-cve20148000-info-disc(98786)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98786"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:49.453Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467"}, {"name": "20141119 Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000"}, {"name": "62558", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62558"}, {"name": "71173", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71173"}, {"name": "1031240", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031240"}, {"name": "cisco-ucm-cve20148000-info-disc(98786)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98786"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-8000", "datePublished": "2014-11-21T02:00:00", "dateReserved": "2014-10-08T00:00:00", "dateUpdated": "2024-08-06T13:10:49.453Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:9.1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "C5EDAC2C-E099-454A-A0A9-26E35F5E4BF0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497."}, {"lang": "es", "value": "Cisco Unified Communications Manager IM and Presence Service 9.1(1) produce mensajes de retorno diferentes para peticiones URL en funci\u00f3n de si existe un nombre de usuario, lo que permite a atacantes remotos enumerar las cuentas de usuario a trav\u00e9s de una serie de peticiones, tambi\u00e9n conocido como Bug ID CSCur63497."}], "id": "CVE-2014-8000", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-21T02:59:05.630", "references": [{"source": "[email protected]", "url": "http://secunia.com/advisories/62558"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/71173"}, {"source": "[email protected]", "url": "http://www.securitytracker.com/id/1031240"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98786"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98786"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "[email protected]", "type": "Primary"}]}