Lucene search

CiscoCVE-2014-2197

HistoryJul 07, 2014 - 11:01 a.m.

CVE-2014-2197

2014-07-0711:01:29

CWE-264

cisco

web.nvd.nist.gov

cve-2014-2197

cisco

unified communications

domain manager

cdm

bug id cscun49862

access control

remote authentication

url crafting

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

61.1%

JSON

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.

Affected configurations

Nvd

Node

ciscounified_cdm_application_softwareRange≤8.1

ciscounified_communications_domain_managerMatch-

VendorProductVersionCPE
ciscounified_cdm_application_software*cpe:2.3:a:cisco:unified_cdm_application_software:*:*:*:*:*:*:*:*
ciscounified_communications_domain_manager-cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_cdm_application_software	*	cpe:2.3:a:cisco:unified_cdm_application_software::::::::
cisco	unified_communications_domain_manager	-	cpe:2.3:a:cisco:unified_communications_domain_manager:-:::::::*

References

secunia.com/advisories/59573

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689

www.securityfocus.com/bid/68333

www.securitytracker.com/id/1030515

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

61.1%

JSON

Related for CVE-2014-2197