Vulnerabilities > CVE-2014-0694 - Credentials Management vulnerability in Cisco Cloud Portal

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cisco

CWE-255

NVD

Published: 2014-03-14

Updated: 2014-03-14

Summary

Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Cloud Portal 9.1 Cisco Cloud Portal 9.3 Cisco Cloud Portal 9.3.1 Cisco Cloud Portal 9.3.2 Cisco Cloud Portal 9.4 Cisco Cloud Portal - Cisco Cloud Portal 9.4.1	9

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 66167 CVE(CAN) ID: CVE-2014-0694 Cisco Intelligent Automation for Cloud是针对云计算和数据中心自动化推出的自助服务配置和协作软件解决方案。 Cisco Intelligent Automation for Cloud在实现上存在多个信息泄露漏洞，攻击者可利用这些漏洞获取敏感信息。 0 Cisco Intelligent Automation for Cloud 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.cisco.com/go/psirt
id	SSV:61797
last seen	2017-11-19
modified	2014-03-14
published	2014-03-14
reporter	Root
title	Cisco Intelligent Automation for Cloud多个信息泄露漏洞(CVE-2014-0694)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Seebug

References