Vulnerability Details : CVE-2014-0694
Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818.
Exploit prediction scoring system (EPSS) score for CVE-2014-0694
Probability of exploitation activity in the next 30 days: 0.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0694
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-0694
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0694
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0694
Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=33336
Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues
Products affected by CVE-2014-0694
- cpe:2.3:a:cisco:cloud_portal:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloud_portal:9.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloud_portal:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloud_portal:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloud_portal:9.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloud_portal:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloud_portal:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloud_portal:9.1:sp3:*:*:*:*:*:*