CVE-2014-0724 — Improper Input Validation in Cisco Unified Communications Manager

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.3%

top 51.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedFeb 13

Latest updateMay 17

Description

The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/unified_communications_manager10.0\(1\)+1

🔴Vulnerability Details

GHSA

GHSA-5m93-68wm-7pmv: The bulk administration interface in Cisco Unified Communications Manager (UCM) 10↗2022-05-17

▶

CVEList

CVE-2014-0724: The bulk administration interface in Cisco Unified Communications Manager (UCM) 10↗2014-02-13

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Arbitrary File Read Vulnerability↗2014-02-12

▶