Lucene search

CiscoCVE-2014-3332

HistoryAug 11, 2014 - 8:55 p.m.

CVE-2014-3332

2014-08-1120:55:07

cisco

web.nvd.nist.gov

cisco

unified communications manager

cli

restrictions

concurrent logins

cve-2014-3332

nvd

vulnerability

cisco bug id cscup98029

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

59.2%

JSON

Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

Affected configurations

Nvd

Node

ciscounified_communications_managerRange≤8.6\(2\)

VendorProductVersionCPE
ciscounified_communications_manager*cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	*	cpe:2.3:a:cisco:unified_communications_manager::::::::

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332

tools.cisco.com/security/center/viewAlert.x?alertId=35198

www.securityfocus.com/bid/69068

www.securitytracker.com/id/1030687

exchange.xforce.ibmcloud.com/vulnerabilities/95136

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

59.2%

JSON

Related for CVE-2014-3332