CVE-2014-3333

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection versions 9.1(1) through 9.1(2)

Description The issue allows remote authenticated users to gain privileged access by conducting an HTTP Intercept attack. This is achieved by leveraging the ability to read files within the context of the web-server user account.

Recommendations For Cisco Unity Connection versions 9.1(1) and 9.1(2), consider restricting access to sensitive files and directories within the web-server user account context until a patch is available. As a temporary workaround, restrict the ability to conduct HTTP Intercept attacks on the server.