Lucene search

[email protected]CVE-2014-3278

HistoryJun 08, 2014 - 4:55 p.m.

CVE-2014-3278

2014-06-0816:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cisco

vulnerability

access control

remote attack

cdm

cve-2014-3278

nvd

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.4%

JSON

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.

CPENameOperatorVersion
cisco:unified_communications_domain_managercisco unified communications domain managereq-

CPE	Name	Operator	Version
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	-

References

secunia.com/advisories/58657

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3278

www.securityfocus.com/bid/67924

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for CVE-2014-3278

cvelist1 prion1