CVE-2014-3279 : The Administration GUI in the web framework in VOSS in Cisco Unified Communicati

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.

Published 2014-05-29 17:55:05

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2014-3279

Cisco » Unified Communications Domain Manager
Versions up to, including, (<=) 9.0\(.1\)
cpe:2.3:a:cisco:unified_communications_domain_manager:*:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Communications Domain Manager » Version: 7.4
cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Communications Domain Manager » Version: 9.0
cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Communications Domain Manager » Version: 8.6
cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Communications Domain Manager » Version: 8.6(.2)
cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3279

EPSS FAQ

0.68%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 69 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3279

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-3279

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3279

http://tools.cisco.com/security/center/viewAlert.x?alertId=34381

Cisco Security
Vendor Advisory
http://secunia.com/advisories/58400

Sign in

CVEs referencing this url
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279

Cisco Unified Communications Domain Manager Admin User Enumeration Vulnerability
Vendor Advisory
http://www.securitytracker.com/id/1030306

Cisco Unified Communications Domain Manager Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information - SecurityTracker

CVEs referencing this url
http://www.securityfocus.com/bid/67663

Cisco Unified Communications Domain Manager VOSS Operating System User Enumeration Vulnerability
http://secunia.com/advisories/58657

Sign in

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-3279

Products affected by CVE-2014-3279

Exploit prediction scoring system (EPSS) score for CVE-2014-3279

CVSS scores for CVE-2014-3279

CWE ids for CVE-2014-3279

References for CVE-2014-3279