PT-2014-5176 · Cisco · Cisco Unified Communications Domain Manager

Publicado

2014-06-03

Atualizado

2016-09-07

CVE-2014-3280

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Domain Manager (CDM) versions 9.0.1 and earlier

Description The issue is related to improper access control implementation in the web framework of Cisco Unified Communications Domain Manager. This allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page.

Recommendations For versions 9.0.1 and earlier, update to a version that properly implements access control to prevent unauthorized access to user information.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2014-3280

Produtos afetados

Cisco Unified Communications Domain Manager

PT-2014-5176 · Cisco · Cisco Unified Communications Domain Manager

CVE-2014-3280

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6