CVE-2014-3316 — Improper Input Validation in Cisco Unified Communications Manager

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.5%

top 33.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedJul 10

Latest updateMay 17

Description

The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/unified_communications_manager10.0\(1\)_base

🔴Vulnerability Details

GHSA

GHSA-h4r6-7hxq-5fc9: The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypas↗2022-05-17

▶

CVEList

CVE-2014-3316: The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypas↗2014-07-10

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability↗2014-07-10

▶