Lucene search
CiscoCVE-2014-0736HistoryFeb 20, 2014 - 5:18 a.m.
CVE-2014-0736
2014-02-2005:18:04
CWE-352
cisco
web.nvd.nist.gov
20
cve-2014-0736
csrf
vulnerability
cisco unified communications manager
unified cm 10.0
security
nvd
bug id cscum46468
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.002
Percentile
52.2%
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.
Affected configurations
Node
ciscounified_communications_managerRangeβ€10.0\(1\)
ORciscounified_communications_managerMatch3.3\(5\)
ORciscounified_communications_managerMatch3.3\(5\)sr1
ORciscounified_communications_managerMatch3.3\(5\)sr2a
ORciscounified_communications_managerMatch4.1\(3\)
ORciscounified_communications_managerMatch4.1\(3\)sr1
ORciscounified_communications_managerMatch4.1\(3\)sr2
ORciscounified_communications_managerMatch4.1\(3\)sr3
ORciscounified_communications_managerMatch4.1\(3\)sr4
ORciscounified_communications_managerMatch4.2
ORciscounified_communications_managerMatch4.2.1
ORciscounified_communications_managerMatch4.2.2
ORciscounified_communications_managerMatch4.2.3
ORciscounified_communications_managerMatch4.2.3sr1
ORciscounified_communications_managerMatch4.2.3sr2
ORciscounified_communications_managerMatch4.2.3sr2b
ORciscounified_communications_managerMatch4.3
ORciscounified_communications_managerMatch10.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | unified_communications_manager | * | cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 3.3(5) | cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 3.3(5)sr1 | cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 3.3(5)sr2a | cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3) | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3)sr1 | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3)sr2 | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3)sr3 | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.1(3)sr4 | cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 4.2 | cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2014-02-20 05:18:00
cvelist
cvelist
CVE-2014-0736
2014-02-20 02:00:00
seebug
seebug
Cisco Unified Communications Managerθ·¨η«θ―·ζ±δΌͺι ζΌζ΄
2014-02-21 00:00:00
nvd
nvd
CVE-2014-0736
2014-02-20 05:18:04
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.002
Percentile
52.2%
Related for CVE-2014-0736