Lucene search

[email protected]CVE-2014-3282

HistoryMay 29, 2014 - 5:55 p.m.

CVE-2014-3282

2014-05-2917:55:05

CWE-264

[email protected]

web.nvd.nist.gov

voss

cisco

unified communications

domain manager

cdm

security vulnerability

access control

remote

authentication

bug id

cscum76930

nvd

cve-2014-3282

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.7%

JSON

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930.

Affected configurations

NVD

Node

ciscounified_communications_domain_managerRange≤9.0\(.1\)

ciscounified_communications_domain_managerMatch7.4

ciscounified_communications_domain_managerMatch8.6

ciscounified_communications_domain_managerMatch8.6\(.2\)

ciscounified_communications_domain_managerMatch9.0

CPENameOperatorVersion
cisco:unified_communications_domain_managercisco unified communications domain managerle9.0\(.1\)
cisco:unified_communications_domain_managercisco unified communications domain managereq7.4
cisco:unified_communications_domain_managercisco unified communications domain managereq8.6
cisco:unified_communications_domain_managercisco unified communications domain managereq8.6\(.2\)
cisco:unified_communications_domain_managercisco unified communications domain managereq9.0

CPE	Name	Operator	Version
cisco:unified_communications_domain_manager	cisco unified communications domain manager	le	9.0\(.1\)
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	7.4
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	8.6
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	8.6\(.2\)
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	9.0

References

secunia.com/advisories/58400

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3282

tools.cisco.com/security/center/viewAlert.x?alertId=34382

www.securityfocus.com/bid/67666

www.securitytracker.com/id/1030306

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.7%

JSON

Related for CVE-2014-3282

nvd1 prion1 cvelist1