Lucene search

CiscoCVE-2014-3283

HistoryMay 29, 2014 - 5:55 p.m.

CVE-2014-3283

2014-05-2917:55:05

CWE-20

cisco

web.nvd.nist.gov

cve-2014-3283

open redirect

self-care client portal

voss

cisco

unified communications domain manager

cdm

web framework

phishing attacks

bug id cscun79731

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

61.4%

JSON

Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.

Affected configurations

Nvd

Node

ciscounified_communications_domain_managerRange≤9.0\(.1\)

ciscounified_communications_domain_managerMatch7.4

ciscounified_communications_domain_managerMatch8.6

ciscounified_communications_domain_managerMatch8.6\(.2\)

ciscounified_communications_domain_managerMatch9.0

VendorProductVersionCPE
ciscounified_communications_domain_manager*cpe:2.3:a:cisco:unified_communications_domain_manager:*:*:*:*:*:*:*:*
ciscounified_communications_domain_manager7.4cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:*:*:*:*:*:*:*
ciscounified_communications_domain_manager8.6cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:*:*:*:*:*:*:*
ciscounified_communications_domain_manager8.6(.2)cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):*:*:*:*:*:*:*
ciscounified_communications_domain_manager9.0cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_domain_manager	*	cpe:2.3:a:cisco:unified_communications_domain_manager::::::::
cisco	unified_communications_domain_manager	7.4	cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:::::::*
cisco	unified_communications_domain_manager	8.6	cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:::::::*
cisco	unified_communications_domain_manager	8.6(.2)	cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):::::::*
cisco	unified_communications_domain_manager	9.0	cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:::::::*

References

secunia.com/advisories/58400

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3283

tools.cisco.com/security/center/viewAlert.x?alertId=34383

www.securityfocus.com/bid/67665

www.securitytracker.com/id/1030306

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

61.4%

JSON

Related for CVE-2014-3283