CVE-2014-8010

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 41.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Domain Manager

Timeline

PublishedDec 10

Latest updateMay 17

Description

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/unified_communications_domain_manager8.0

🔴Vulnerability Details

GHSA

GHSA-c3qw-8xrq-mhcj: The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via cra↗2022-05-17

▶

CVEList

CVE-2014-8010: The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via cra↗2014-12-10

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Domain Manager Blind Command Injection Vulnerability↗2014-12-12

▶