Lucene search

[email protected]CVE-2014-3277

HistoryMay 29, 2014 - 5:55 p.m.

CVE-2014-3277

2014-05-2917:55:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2014-3277

cisco

voss

unified communications

security

bug

access control

remote

authenticated user

information disclosure

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.4%

JSON

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.

CPENameOperatorVersion
cisco:unified_communications_domain_managercisco unified communications domain managerle9.0\(.1\)
cisco:unified_communications_domain_managercisco unified communications domain managereq8.6\(.2\)
cisco:unified_communications_domain_managercisco unified communications domain managereq9.0
cisco:unified_communications_domain_managercisco unified communications domain managereq8.6
cisco:unified_communications_domain_managercisco unified communications domain managereq7.4

CPE	Name	Operator	Version
cisco:unified_communications_domain_manager	cisco unified communications domain manager	le	9.0\(.1\)
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	8.6\(.2\)
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	9.0
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	8.6
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	7.4

References

secunia.com/advisories/58400

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3277

tools.cisco.com/security/center/viewAlert.x?alertId=34380

www.securityfocus.com/bid/67664

www.securitytracker.com/id/1030306

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for CVE-2014-3277

cvelist1 prion1