Cisco Unified Computing System Manager Information Disclosure Vulnerability

Cisco-SA-20141208-CVE-2014-8009 · Medium · Published · Updated

A vulnerability in the system logs of the Cisco Unified Computing System Manager could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to the inclusion of sensitive information in certain log files. An attacker could exploit this vulnerability by viewing the sensitive information stored in the logs. Cisco has confirmed the vulnerability and released software updates. To exploit the vulnerability, the attacker may need access to trusted or internal networks to access system log files. This access requirement could limit the likelihood of a successful exploit.

Workarounds

Administrators are advised to apply appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEs: CVE-2014-8009
Cisco Bug IDs: CSCur99239
CVSS Score: Base 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C)

Public Affected Products