CVE-2014-0747
Description
Local command injection in Cisco Unified Communications Manager CAPF CLI allows authenticated local users to execute arbitrary commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) versions 10.0(1) and earlier contains a command injection vulnerability. The flaw resides in unspecified CAPF programs that fail to properly sanitize user-supplied input, allowing injection of arbitrary operating system commands. This issue is identified by Cisco Bug ID CSCum95493 [1].
Exploitation
An attacker must have local access to the Cisco Unified CM system with valid credentials and the ability to interact with the CAPF CLI. By supplying specially crafted input to CAPF programs, the attacker can inject arbitrary commands that are executed with the privileges of the CAPF process. No user interaction beyond the attacker's own actions is required.
Impact
Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system with the privileges of the CAPF process, which typically runs with elevated (root or system) rights. This can lead to full compromise of the affected Cisco Unified CM system, including data exfiltration, modification, or denial of service.
Mitigation
Cisco has not released a software update for this vulnerability. The affected versions (10.0(1) and earlier) are end-of-life or end-of-support. Administrators should upgrade to a supported version of Cisco Unified Communications Manager that is not affected by this issue. No workaround is available [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* (range: <=10.0\(1\))
- cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*
- (no CPE) (range: <=10.0(1))
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747 (nvd, Vendor Advisory)
- tools.cisco.com/security/center/viewAlert.x (nvd, Vendor Advisory)
- www.securitytracker.com/id/1029843 (nvd)