CVE-2014-3282

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Domain Manager (CDM) versions 9.0(.1) and earlier

Description The Administration GUI in the web framework does not properly implement access control. This allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL.

Recommendations For Cisco Unified Communications Domain Manager (CDM) versions 9.0(.1) and earlier, consider restricting access to the Administration GUI to minimize the risk of exploitation. As a temporary workaround, limit the privileges of Location Administrators until a fix is available.