Lucene search

CiscoCVE-2014-0657

HistoryJan 08, 2014 - 9:55 p.m.

CVE-2014-0657

2014-01-0821:55:06

CWE-264

cisco

web.nvd.nist.gov

cisco

unified communications manager

unified cm

cve-2014-0657

bug id cscuj83540

role-based access control

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

64.9%

JSON

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.

Affected configurations

Nvd

Node

ciscounified_communications_managerRange≤9.1\(1\)

ciscounified_communications_managerMatch3.3\(5\)

ciscounified_communications_managerMatch3.3\(5\)sr1

ciscounified_communications_managerMatch3.3\(5\)sr2a

ciscounified_communications_managerMatch4.1\(3\)

ciscounified_communications_managerMatch4.1\(3\)sr1

ciscounified_communications_managerMatch4.1\(3\)sr2

ciscounified_communications_managerMatch4.1\(3\)sr3

ciscounified_communications_managerMatch4.1\(3\)sr4

ciscounified_communications_managerMatch4.2

ciscounified_communications_managerMatch4.2.1

ciscounified_communications_managerMatch4.2.2

ciscounified_communications_managerMatch4.2.3

ciscounified_communications_managerMatch4.2.3sr1

ciscounified_communications_managerMatch4.2.3sr2

ciscounified_communications_managerMatch4.2.3sr2b

ciscounified_communications_managerMatch4.3

ciscounified_communications_managerMatch4.3\(1\)

ciscounified_communications_managerMatch5.0

ciscounified_communications_managerMatch5.1

ciscounified_communications_managerMatch5.1\(1\)

ciscounified_communications_managerMatch5.1\(1b\)

ciscounified_communications_managerMatch5.1\(1c\)

ciscounified_communications_managerMatch5.1\(2\)

ciscounified_communications_managerMatch5.1\(2a\)

ciscounified_communications_managerMatch5.1\(2b\)

ciscounified_communications_managerMatch5.1\(3\)

ciscounified_communications_managerMatch5.1\(3a\)

ciscounified_communications_managerMatch5.1\(3c\)

ciscounified_communications_managerMatch5.1\(3d\)

ciscounified_communications_managerMatch5.1\(3e\)

ciscounified_communications_managerMatch5.1.2

ciscounified_communications_managerMatch6.0

ciscounified_communications_managerMatch6.0\(1\)

ciscounified_communications_managerMatch6.0\(1a\)

ciscounified_communications_managerMatch6.0\(1b\)

ciscounified_communications_managerMatch6.1\(1\)

ciscounified_communications_managerMatch6.1\(1a\)

ciscounified_communications_managerMatch6.1\(1b\)

ciscounified_communications_managerMatch6.1\(2\)

ciscounified_communications_managerMatch6.1\(2\)su1

ciscounified_communications_managerMatch6.1\(2\)su1a

ciscounified_communications_managerMatch6.1\(3\)

ciscounified_communications_managerMatch6.1\(3a\)

ciscounified_communications_managerMatch6.1\(3b\)

ciscounified_communications_managerMatch6.1\(3b\)su1

ciscounified_communications_managerMatch6.1\(4\)

ciscounified_communications_managerMatch6.1\(4\)su1

ciscounified_communications_managerMatch6.1\(4a\)

ciscounified_communications_managerMatch6.1\(4a\)su2

ciscounified_communications_managerMatch6.1\(5\)

ciscounified_communications_managerMatch6.1\(5\)su1

ciscounified_communications_managerMatch6.1\(5\)su2

ciscounified_communications_managerMatch6.1\(5\)su3

ciscounified_communications_managerMatch7.0\(1\)su1

ciscounified_communications_managerMatch7.0\(1\)su1a

ciscounified_communications_managerMatch7.0\(2\)

ciscounified_communications_managerMatch7.0\(2a\)

ciscounified_communications_managerMatch7.0\(2a\)su1

ciscounified_communications_managerMatch7.0\(2a\)su2

ciscounified_communications_managerMatch7.1\(2a\)

ciscounified_communications_managerMatch7.1\(2a\)su1

ciscounified_communications_managerMatch7.1\(2b\)

ciscounified_communications_managerMatch7.1\(2b\)su1

ciscounified_communications_managerMatch7.1\(3\)

ciscounified_communications_managerMatch7.1\(3a\)

ciscounified_communications_managerMatch7.1\(3a\)su1

ciscounified_communications_managerMatch7.1\(3a\)su1a

ciscounified_communications_managerMatch7.1\(3b\)

ciscounified_communications_managerMatch7.1\(3b\)su1

ciscounified_communications_managerMatch7.1\(3b\)su2

ciscounified_communications_managerMatch7.1\(5\)

ciscounified_communications_managerMatch7.1\(5\)su1

ciscounified_communications_managerMatch7.1\(5\)su1a

ciscounified_communications_managerMatch7.1\(5a\)

ciscounified_communications_managerMatch7.1\(5b\)

ciscounified_communications_managerMatch7.1\(5b\)su1

ciscounified_communications_managerMatch7.1\(5b\)su1a

ciscounified_communications_managerMatch7.1\(5b\)su2

ciscounified_communications_managerMatch7.1\(5b\)su3

ciscounified_communications_managerMatch7.1\(5b\)su4

ciscounified_communications_managerMatch7.1\(5b\)su5

ciscounified_communications_managerMatch7.1\(5b\)su6

ciscounified_communications_managerMatch8.0

ciscounified_communications_managerMatch8.0\(1\)

ciscounified_communications_managerMatch8.0\(2\)

ciscounified_communications_managerMatch8.0\(2a\)

ciscounified_communications_managerMatch8.0\(2b\)

ciscounified_communications_managerMatch8.0\(2c\)

ciscounified_communications_managerMatch8.0\(2c\)su1

ciscounified_communications_managerMatch8.0\(3\)

ciscounified_communications_managerMatch8.0\(3a\)

ciscounified_communications_managerMatch8.0\(3a\)su1

ciscounified_communications_managerMatch8.0\(3a\)su2

ciscounified_communications_managerMatch8.0\(3a\)su3

ciscounified_communications_managerMatch8.5

ciscounified_communications_managerMatch8.5\(1\)

ciscounified_communications_managerMatch8.5\(1\)su1

ciscounified_communications_managerMatch8.5\(1\)su2

ciscounified_communications_managerMatch8.5\(1\)su3

ciscounified_communications_managerMatch8.5\(1\)su4

ciscounified_communications_managerMatch8.5\(1\)su5

ciscounified_communications_managerMatch8.6

ciscounified_communications_managerMatch8.6\(1\)

ciscounified_communications_managerMatch8.6\(1a\)

ciscounified_communications_managerMatch8.6\(2\)

ciscounified_communications_managerMatch8.6\(2a\)

ciscounified_communications_managerMatch8.6\(2a\)su1

ciscounified_communications_managerMatch8.6\(2a\)su2

ciscounified_communications_managerMatch8.6\(2a\)su3

ciscounified_communications_managerMatch8.6\(3\)

ciscounified_communications_managerMatch8.6\(4\)

ciscounified_communications_managerMatch9.0\(1\)

VendorProductVersionCPE
ciscounified_communications_manager*cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
ciscounified_communications_manager3.3(5)cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):*:*:*:*:*:*:*
ciscounified_communications_manager3.3(5)sr1cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:*:*:*:*:*:*:*
ciscounified_communications_manager3.3(5)sr2acpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr1cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr2cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr3cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr4cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:*:*:*:*:*:*:*
ciscounified_communications_manager4.2cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	*	cpe:2.3:a:cisco:unified_communications_manager::::::::
cisco	unified_communications_manager	3.3(5)	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):::::::*
cisco	unified_communications_manager	3.3(5)sr1	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:::::::*
cisco	unified_communications_manager	3.3(5)sr2a	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:::::::*
cisco	unified_communications_manager	4.1(3)	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):::::::*
cisco	unified_communications_manager	4.1(3)sr1	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:::::::*
cisco	unified_communications_manager	4.1(3)sr2	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:::::::*
cisco	unified_communications_manager	4.1(3)sr3	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:::::::*
cisco	unified_communications_manager	4.1(3)sr4	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:::::::*
cisco	unified_communications_manager	4.2	cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*

Rows per page:

1-10 of 1131

References

osvdb.org/101800

secunia.com/advisories/56368

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657

tools.cisco.com/security/center/viewAlert.x?alertId=32341

www.securityfocus.com/bid/64690

www.securitytracker.com/id/1029571

exchange.xforce.ibmcloud.com/vulnerabilities/90120

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

64.9%

JSON

Related for CVE-2014-0657