CVE-2014-3277

CWE-287 — Improper Authentication3 documents3 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 41.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Domain Manager

Timeline

PublishedMay 29

Latest updateMay 17

Description

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/unified_communications_domain_manager9.0\(.1\)+4

🔴Vulnerability Details

GHSA

GHSA-69qr-qmhx-h3jv: The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9↗2022-05-17

▶

CVEList

CVE-2014-3277: The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9↗2014-05-29

▶