Lucene search

CiscoCISCO-SA-20140610-CVE-2014-3292

HistoryJun 10, 2014 - 4:42 p.m.

Cisco Unified Communications Manager Real-Time Monitoring Tool Multiple Vulnerabilities

2014-06-1016:42:32

tools.cisco.com

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

EPSS

0.002

Percentile

58.7%

JSON

A vulnerability in the Real-Time Monitoring Tool (RTMT) of Cisco Unified Communications Manager could allow an authenticated, remote attacker to download or delete files from arbitrary locations on the filesystem.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable device.

Cisco has confirmed the vulnerability in a security notice and software updates are available.

To exploit this vulnerability, an attacker must authenticate to an affected device. This access requirement decreases the likelihood of a successful exploit.

Affected configurations

Vulners

Node

ciscounified_communications_managerMatchany

VendorProductVersionCPE
ciscounified_communications_manageranycpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	any	cpe:2.3:a:cisco:unified_communications_manager:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140610-CVE-2014-3292

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

EPSS

0.002

Percentile

58.7%

JSON

Related for CISCO-SA-20140610-CVE-2014-3292