CVE-2014-0657 — Cisco Unified Communications Manager vulnerability
Severity
4.0MEDIUMNVD
EPSS
0.4%
top 36.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 8
Latest updateMay 17
Description
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
CVSS vector
AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9