Skip to main content

Unified Communications Domain Manager CVE-2014-8010

MEDIUM
Improper Input Validation (CWE-20)
2014-12-10 psirt@cisco.com
6.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 10, 2014 - 21:59 cve.org
MEDIUM 6.5

DescriptionCVE.org

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205.

AnalysisAI

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. Affected products include: Cisco Unified Communications Domain Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-3300 HIGH POC
7.5 Jul 07

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application

CVE-2014-2198 CRITICAL
10.0 Jul 07

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH priv

CVE-2018-0124 CRITICAL
9.8 Feb 22

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass

CVE-2014-2197 CRITICAL
9.0 Jul 07

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Applicat

CVE-2018-0364 HIGH
8.8 Jun 21

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unau

CVE-2014-3337 MEDIUM
6.8 Aug 12

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated user

CVE-2013-3418 MEDIUM
6.8 Jul 11

Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows re

CVE-2015-0588 MEDIUM
6.8 Jan 15

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote a

CVE-2015-0682 MEDIUM
6.5 Apr 03

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiti

CVE-2014-3339 MEDIUM
6.5 Aug 12

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM)

CVE-2015-0684 MEDIUM
6.5 Apr 03

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allo

CVE-2017-6670 MEDIUM
6.1 Jun 13

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remo

Share

CVE-2014-8010 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy