Lucene search

[email protected]NVD:CVE-2014-3282

HistoryMay 29, 2014 - 5:55 p.m.

CVE-2014-3282

2014-05-2917:55:05

CWE-264

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.6%

JSON

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930.

Affected configurations

NVD

Node

ciscounified_communications_domain_managerRange≤9.0\(.1\)

ciscounified_communications_domain_managerMatch7.4

ciscounified_communications_domain_managerMatch8.6

ciscounified_communications_domain_managerMatch8.6\(.2\)

ciscounified_communications_domain_managerMatch9.0

References

secunia.com/advisories/58400

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3282

tools.cisco.com/security/center/viewAlert.x?alertId=34382

www.securityfocus.com/bid/67666

www.securitytracker.com/id/1030306

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for NVD:CVE-2014-3282

prion1 cve1 cvelist1