Lucene search

[email protected]CVE-2014-3279

HistoryMay 29, 2014 - 5:55 p.m.

CVE-2014-3279

2014-05-2917:55:05

CWE-264

[email protected]

web.nvd.nist.gov

cisco

unified communications

domain manager

cve-2014-3279

access control

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

JSON

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.

Affected configurations

NVD

Node

ciscounified_communications_domain_managerRange≤9.0\(.1\)

ciscounified_communications_domain_managerMatch7.4

ciscounified_communications_domain_managerMatch8.6

ciscounified_communications_domain_managerMatch8.6\(.2\)

ciscounified_communications_domain_managerMatch9.0

CPENameOperatorVersion
cisco:unified_communications_domain_managercisco unified communications domain managerle9.0\(.1\)
cisco:unified_communications_domain_managercisco unified communications domain managereq7.4
cisco:unified_communications_domain_managercisco unified communications domain managereq8.6
cisco:unified_communications_domain_managercisco unified communications domain managereq8.6\(.2\)
cisco:unified_communications_domain_managercisco unified communications domain managereq9.0

CPE	Name	Operator	Version
cisco:unified_communications_domain_manager	cisco unified communications domain manager	le	9.0\(.1\)
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	7.4
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	8.6
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	8.6\(.2\)
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	9.0

References

secunia.com/advisories/58400

secunia.com/advisories/58657

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279

tools.cisco.com/security/center/viewAlert.x?alertId=34381

www.securityfocus.com/bid/67663

www.securitytracker.com/id/1030306

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

JSON

Related for CVE-2014-3279

prion1 cvelist1 nvd1