CVE-2014-0742
Description
Local users can read or modify arbitrary files via the CAPF CLI in Cisco Unified Communications Manager 10.0(1) and earlier.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can read or modify arbitrary files via the CAPF CLI in Cisco Unified Communications Manager 10.0(1) and earlier.
Vulnerability
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature of Cisco Unified Communications Manager (Unified CM) contains a vulnerability that allows local users to read or modify arbitrary files. The issue affects versions 10.0(1) and earlier [1]. The exact vectors are unspecified, but the flaw resides in the command-line interface of the CAPF component.
Exploitation
An attacker must have local access to the affected system. No authentication or user interaction beyond local shell access is required. The exploitation involves unspecified vectors within the CAPF CLI that enable arbitrary file operations.
Impact
Successful exploitation allows a local attacker to read or modify arbitrary files on the system. This could lead to disclosure of sensitive information (e.g., certificates, configuration files) or unauthorized changes that may affect system integrity and availability.
Mitigation
Cisco has not released a fix for this vulnerability in the available references [1]. Users should restrict local access to trusted administrators and monitor for unauthorized activity. No workaround is documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
19cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*range: <=10.0\(1\)
- cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*
- (no CPE)range: <=10.0(1)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742nvdVendor Advisory
- tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
- www.securitytracker.com/id/1029843nvd
News mentions
0No linked articles in our index yet.