nvd-json-data-feeds/CVE-2014/CVE-2014-21xx/CVE-2014-2195.json

{
  "id": "CVE-2014-2195",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2014-05-20T11:13:37.593",
  "lastModified": "2018-10-30T16:27:22.513",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085."
    },
    {
      "lang": "es",
      "value": "Cisco AsyncOS en dispositivos Email Security Appliance (ESA) y Content Security Management Appliance (SMA), cuando Active Directory est\u00e1 habilitado, no maneja debidamente nombres de grupos, lo que permite a atacantes remotos ganar privilegios de rol mediante el aprovechamiento de similaridades entre nombres de grupos, tambi\u00e9n conocido como Bug ID CSCum86085."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:cisco:asyncos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87AA6AB8-12B9-4810-9D06-01EEBF7B01C9"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60635EC8-9AFA-400D-A919-66E60CDEF852"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA3A518-E103-4D98-A040-88ED4E0D73CC"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1030258",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}