VAR-201403-0205
Vulnerability from variot - Updated: 2025-04-13 23:25Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818. Vendors have confirmed this vulnerability Bug IDs CSCui34764 , CSCui34772 , CSCui34776 , CSCui34798 , CSCui34800 , CSCui34805 , CSCui34809 , CSCui34810 , CSCui34813 , CSCui34814 ,and CSCui34818 It is released as.By using encryption key information by a third party, any IAC There is a possibility that plain text data is obtained from the installation. Cisco Intelligent Automation for Cloud is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. These issues are being tracked by Cisco BugId's CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818. Cisco Cloud Portal is a set of cloud portal solutions for data center services of Cisco
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cloud portal",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "9.4.1"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.3.1"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.3"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.3.2"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.4"
},
{
"model": "cloud portal",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.4.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-249"
},
{
"db": "NVD",
"id": "CVE-2014-0694"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:cloud_portal",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "66167"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0694",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0694",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-68187",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0694",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0694",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-249",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68187",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68187"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-249"
},
{
"db": "NVD",
"id": "CVE-2014-0694"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818. Vendors have confirmed this vulnerability Bug IDs CSCui34764 , CSCui34772 , CSCui34776 , CSCui34798 , CSCui34800 , CSCui34805 , CSCui34809 , CSCui34810 , CSCui34813 , CSCui34814 ,and CSCui34818 It is released as.By using encryption key information by a third party, any IAC There is a possibility that plain text data is obtained from the installation. Cisco Intelligent Automation for Cloud is prone to multiple information-disclosure vulnerabilities. \nAn attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. \nThese issues are being tracked by Cisco BugId\u0027s CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818. Cisco Cloud Portal is a set of cloud portal solutions for data center services of Cisco",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0694"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
},
{
"db": "BID",
"id": "66167"
},
{
"db": "VULHUB",
"id": "VHN-68187"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0694",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001652",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-249",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "26229",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20140312 CISCO INTELLIGENT AUTOMATION FOR CLOUD CRYPTOGRAPHIC IMPLEMENTATION ISSUES",
"trust": 0.6
},
{
"db": "BID",
"id": "66167",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-61797",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-68187",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68187"
},
{
"db": "BID",
"id": "66167"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-249"
},
{
"db": "NVD",
"id": "CVE-2014-0694"
}
]
},
"id": "VAR-201403-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-68187"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:25:29.063000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0694"
},
{
"title": "33336",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33336"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68187"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
},
{
"db": "NVD",
"id": "CVE-2014-0694"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0694"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33336"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0694"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0694"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/26229"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68187"
},
{
"db": "BID",
"id": "66167"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-249"
},
{
"db": "NVD",
"id": "CVE-2014-0694"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-68187"
},
{
"db": "BID",
"id": "66167"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-249"
},
{
"db": "NVD",
"id": "CVE-2014-0694"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-68187"
},
{
"date": "2014-03-12T00:00:00",
"db": "BID",
"id": "66167"
},
{
"date": "2014-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001652"
},
{
"date": "2014-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-249"
},
{
"date": "2014-03-14T10:55:05.723000",
"db": "NVD",
"id": "CVE-2014-0694"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-68187"
},
{
"date": "2014-03-17T01:05:00",
"db": "BID",
"id": "66167"
},
{
"date": "2014-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001652"
},
{
"date": "2014-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-249"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0694"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-249"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Cloud Portal of Intelligent Automation for Cloud Vulnerability in obtaining plaintext data",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001652"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-249"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…