Lucene search

CiscoCISCO-SA-20140807-CVE-2014-3332

HistoryAug 07, 2014 - 8:13 p.m.

Cisco Unified Communications Manager Concurrent Login Vulnerability

2014-08-0720:13:22

tools.cisco.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS

0.002

Percentile

59.2%

JSON

A vulnerability in the CLI restrictions setting of Cisco Unified Communications Manager could allow an authenticated, remote attacker to remain undetected as an authenticated user. The vulnerability is due to improper sanitization of authenticated users.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker must have authenticated access to a targeted system. This access requirement may decrease the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners

Node

ciscounified_communications_managerMatchany

VendorProductVersionCPE
ciscounified_communications_manageranycpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	any	cpe:2.3:a:cisco:unified_communications_manager:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140807-CVE-2014-3332

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS

0.002

Percentile

59.2%

JSON

Related for CISCO-SA-20140807-CVE-2014-3332