CVE-2014-3283

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.8MEDIUM

EPSS

0.6%

top 31.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Domain Manager

Timeline

PublishedMay 29

Latest updateMay 17

Description

Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDcisco/unified_communications_domain_manager9.0\(.1\)+4

🔴Vulnerability Details

GHSA

GHSA-phr7-fc98-f7gv: Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM)↗2022-05-17

▶

CVEList

CVE-2014-3283: Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM)↗2014-05-29

▶