| Vulnerability Name: | CVE-2014-0724 (CCN-91026) | ||||||||
| Assigned: | 2014-02-11 | ||||||||
| Published: | 2014-02-11 | ||||||||
| Updated: | 2014-02-13 | ||||||||
| Summary: | The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-0724 Source: CCN Type: Cisco Security Notice Cisco Unified Communications Manager Arbitrary File Read Vulnerability Source: CISCO Type: Vendor Advisory 20140211 Cisco Unified Communications Manager Arbitrary File Read Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=32825 Source: CCN Type: BID-65497 Cisco Unified Communications Manager CVE-2014-0724 Arbitrary File Disclosure Vulnerability Source: XF Type: UNKNOWN cisco-ucm-cve20140724-info-disc(91026) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||