CVE-2014-3333Cisco Unity Connection vulnerability

CWE-2644 documents4 sources
Severity
9.0CRITICALNVD
EPSS
1.9%
top 16.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unity Connection
Timeline
PublishedAug 11
Latest updateMay 17

Description

The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDcisco/unity_connection9.1\(1\), 9.1\(2\)+1

🔴Vulnerability Details

2
GHSA
GHSA-434r-4m9g-54qc: The server in Cisco Unity Connection 92022-05-17
CVEList
CVE-2014-3333: The server in Cisco Unity Connection 92014-08-11

📋Vendor Advisories

1
Cisco
Cisco Unity Connection HTTP Intercept Vulnerability2014-08-07
CVE-2014-3333 — Cisco Unity Connection vulnerability | cvebase