Lucene search
CiscoCVE-2014-0733HistoryFeb 20, 2014 - 3:27 p.m.
CVE-2014-0733
2014-02-2015:27:09
CWE-287
cisco
web.nvd.nist.gov
21
cve-2014-0733
elm
cisco unified communications manager
authentication
remote attackers
bug id cscum46494
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.003
Percentile
66.1%
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
Affected configurations
Node
ciscounified_communications_managerRange≤10.0\(1\)
ORciscounified_communications_managerMatch3.3\(5\)
ORciscounified_communications_managerMatch3.3\(5\)sr1
ORciscounified_communications_managerMatch3.3\(5\)sr2a
ORciscounified_communications_managerMatch4.1\(3\)
ORciscounified_communications_managerMatch4.1\(3\)sr1
ORciscounified_communications_managerMatch4.1\(3\)sr2
ORciscounified_communications_managerMatch4.1\(3\)sr3
ORciscounified_communications_managerMatch4.1\(3\)sr4
ORciscounified_communications_managerMatch4.2
ORciscounified_communications_managerMatch4.2.1
ORciscounified_communications_managerMatch4.2.2
ORciscounified_communications_managerMatch4.2.3
ORciscounified_communications_managerMatch4.2.3sr1
ORciscounified_communications_managerMatch4.2.3sr2
ORciscounified_communications_managerMatch4.2.3sr2b
ORciscounified_communications_managerMatch4.3
ORciscounified_communications_managerMatch10.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | unified_communications_manager | * | cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 3.3(5) | cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 3.3(5)sr1 | cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 3.3(5)sr2a | cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3) | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3)sr1 | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3)sr2 | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3)sr3 | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3)sr4 | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.2 | cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:* |
Related
cisco
cisco
nvd
nvd
CVE-2014-0733
2014-02-20 15:27:09
prion
prion
Authentication flaw
2014-02-20 15:27:00
seebug
seebug
Cisco Unified Communications Manager ELM信息泄漏漏洞
2014-02-21 00:00:00
cvelist
cvelist
CVE-2014-0733
2014-02-20 11:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.003
Percentile
66.1%
Related for CVE-2014-0733