| Vulnerability Name: | CVE-2014-3278 (CCN-93660) | ||||||||
| Assigned: | 2014-06-06 | ||||||||
| Published: | 2014-06-06 | ||||||||
| Updated: | 2015-12-04 | ||||||||
| Summary: | The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-3278 Source: SECUNIA Type: UNKNOWN 58657 Source: CCN Type: Cisco Security Notice Cisco Unified Communications Domain Manager BVSMWeb User Enumeration Vulnerability Source: CISCO Type: Vendor Advisory 20140606 Cisco Unified Communications Domain Manager BVSMWeb User Enumeration Vulnerability Source: BID Type: UNKNOWN 67924 Source: CCN Type: BID-67924 Cisco Unified Communications Domain Manager BVSMWeb User Enumeration Vulnerability Source: XF Type: UNKNOWN cucdm-cve20143278-info-disc(93660) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||