CVE-2014-3277

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Domain Manager (CDM) versions 9.0.1 and earlier

Description The Administration GUI in the web framework does not properly implement access control. This allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL.

Recommendations For Cisco Unified Communications Domain Manager (CDM) versions 9.0.1 and earlier, consider restricting access to the Administration GUI to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the privileges of Location Administrators to prevent them from accessing sensitive information.