CVE-2014-3279

CWE-2643 documents3 sources

Severity

5.0MEDIUM

EPSS

0.7%

top 28.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Domain Manager

Timeline

PublishedMay 29

Latest updateMay 17

Description

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/unified_communications_domain_manager9.0\(.1\)+4

🔴Vulnerability Details

GHSA

GHSA-4pf5-5rrg-5jj5: The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9↗2022-05-17

▶

CVEList

CVE-2014-3279: The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9↗2014-05-29

▶