Lucene search

[email protected]NVD:CVE-2014-3278

HistoryJun 08, 2014 - 4:55 p.m.

CVE-2014-3278

2014-06-0816:55:02

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

65.6%

JSON

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.

Affected configurations

Nvd

Node

ciscounified_communications_domain_managerMatch-

VendorProductVersionCPE
ciscounified_communications_domain_manager-cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_domain_manager	-	cpe:2.3:a:cisco:unified_communications_domain_manager:-:::::::*

References

secunia.com/advisories/58657

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3278

www.securityfocus.com/bid/67924

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

65.6%

JSON

Related for NVD:CVE-2014-3278

cvelist1 cve1 prion1