CVE-2014-3280

CWE-264 CWE-7726 documents6 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 39.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Domain Manager

Timeline

PublishedJun 3

Latest updateMay 17

Description

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/unified_communications_domain_manager9.0\(.1\)+4

🔴Vulnerability Details

GHSA

GHSA-v5ch-jpfh-x28g: The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9↗2022-05-17

▶

GHSA

OpenStack Compute (nova) allows remote authenticated users to cause a denial of service↗2022-05-14

▶

CVEList

CVE-2014-3280: The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9↗2014-06-03

▶

📋Vendor Advisories

Red Hat

openstack-nova: Deleting instances in resize state fails↗2015-09-01

▶

💬Community

Bugzilla

CVE-2015-3280 openstack-nova: Deleting instances in resize state fails↗2015-08-28

▶