Skip to main content

Unified Communications Domain Manager CVE-2014-3280

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2014-06-03 psirt@cisco.com
4.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 03, 2014 - 04:44 cve.org
MEDIUM 4.0

DescriptionCVE.org

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.

AnalysisAI

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. Affected products include: Cisco Unified Communications Domain Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-3300 HIGH POC
7.5 Jul 07

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application

CVE-2014-2198 CRITICAL
10.0 Jul 07

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH priv

CVE-2018-0124 CRITICAL
9.8 Feb 22

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass

CVE-2014-2197 CRITICAL
9.0 Jul 07

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Applicat

CVE-2018-0364 HIGH
8.8 Jun 21

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unau

CVE-2014-3337 MEDIUM
6.8 Aug 12

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated user

CVE-2013-3418 MEDIUM
6.8 Jul 11

Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows re

CVE-2015-0588 MEDIUM
6.8 Jan 15

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote a

CVE-2015-0682 MEDIUM
6.5 Apr 03

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiti

CVE-2014-8010 MEDIUM
6.5 Dec 10

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute

CVE-2014-3339 MEDIUM
6.5 Aug 12

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM)

CVE-2015-0684 MEDIUM
6.5 Apr 03

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allo

Share

CVE-2014-3280 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy