Lucene search

CiscoCVE-2014-3280

HistoryJun 03, 2014 - 4:44 a.m.

CVE-2014-3280

2014-06-0304:44:49

CWE-264

cisco

web.nvd.nist.gov

cve-2014-3280

cisco

voss

web framework

access control

remote authentication

bug ids

cscun46045

cscun46116

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.002

Percentile

52.6%

JSON

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.

Affected configurations

Nvd

Node

ciscounified_communications_domain_managerRange≤9.0\(.1\)

ciscounified_communications_domain_managerMatch7.4

ciscounified_communications_domain_managerMatch8.6

ciscounified_communications_domain_managerMatch8.6\(.2\)

ciscounified_communications_domain_managerMatch9.0

VendorProductVersionCPE
ciscounified_communications_domain_manager*cpe:2.3:a:cisco:unified_communications_domain_manager:*:*:*:*:*:*:*:*
ciscounified_communications_domain_manager7.4cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:*:*:*:*:*:*:*
ciscounified_communications_domain_manager8.6cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:*:*:*:*:*:*:*
ciscounified_communications_domain_manager8.6(.2)cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):*:*:*:*:*:*:*
ciscounified_communications_domain_manager9.0cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_domain_manager	*	cpe:2.3:a:cisco:unified_communications_domain_manager::::::::
cisco	unified_communications_domain_manager	7.4	cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:::::::*
cisco	unified_communications_domain_manager	8.6	cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:::::::*
cisco	unified_communications_domain_manager	8.6(.2)	cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):::::::*
cisco	unified_communications_domain_manager	9.0	cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:::::::*

References

secunia.com/advisories/58400

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3280

tools.cisco.com/security/center/viewAlert.x?alertId=34379

www.securityfocus.com/bid/67661

www.securitytracker.com/id/1030306

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2014-3280