Lucene search

[email protected]NVD:CVE-2014-3280

HistoryJun 03, 2014 - 4:44 a.m.

CVE-2014-3280

2014-06-0304:44:49

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.002

Percentile

52.6%

JSON

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.

Affected configurations

Nvd

Node

ciscounified_communications_domain_managerRange≤9.0\(.1\)

ciscounified_communications_domain_managerMatch7.4

ciscounified_communications_domain_managerMatch8.6

ciscounified_communications_domain_managerMatch8.6\(.2\)

ciscounified_communications_domain_managerMatch9.0

VendorProductVersionCPE
ciscounified_communications_domain_manager*cpe:2.3:a:cisco:unified_communications_domain_manager:*:*:*:*:*:*:*:*
ciscounified_communications_domain_manager7.4cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:*:*:*:*:*:*:*
ciscounified_communications_domain_manager8.6cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:*:*:*:*:*:*:*
ciscounified_communications_domain_manager8.6(.2)cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):*:*:*:*:*:*:*
ciscounified_communications_domain_manager9.0cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_domain_manager	*	cpe:2.3:a:cisco:unified_communications_domain_manager::::::::
cisco	unified_communications_domain_manager	7.4	cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:::::::*
cisco	unified_communications_domain_manager	8.6	cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:::::::*
cisco	unified_communications_domain_manager	8.6(.2)	cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):::::::*
cisco	unified_communications_domain_manager	9.0	cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:::::::*

References

secunia.com/advisories/58400

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3280

tools.cisco.com/security/center/viewAlert.x?alertId=34379

www.securityfocus.com/bid/67661

www.securitytracker.com/id/1030306

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.002

Percentile

52.6%

JSON

Related for NVD:CVE-2014-3280

prion1 cve1 cvelist1