Vulnerability Details : CVE-2014-3300
Public exploit exists!
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.
Products affected by CVE-2014-3300
- cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_cdm_application_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_cdm_application_software:8.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3300
- 1.31%: probability of exploitation activity in the next 30 days
- ~84%: percentile, the proportion of vulnerabilities scored at or below this one
Metasploit modules for CVE-2014-3300
- Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool
  First seen: 2020-04-26
  auxiliary/voip/cisco_cucdm_speed_dials
  The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM), before version 10, doesn't implement access control properly, which allows remote attackers to modify user information. This module exploits the vulnerability to make unauth
- Viproy CUCDM IP Phone XML Services - Call Forwarding Tool
  First seen: 2020-04-26
  auxiliary/voip/cisco_cucdm_call_forward
  The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) 10 does not properly implement access control, which allows remote attackers to modify user information. This module exploits the vulnerability to configure unauthorized call
CVSS scores for CVE-2014-3300
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2014-3300
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3300
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm
  Multiple Vulnerabilities in Cisco Unified Communications Domain Manager (Vendor Advisory)
- http://www.securityfocus.com/bid/68331
  Cisco Unified Communications Domain Manager BVSMWeb CVE-2014-3300 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1030515
  Cisco Unified Communications Domain Manager Bugs Let Remote Users Access the System and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689
  Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager (Vendor Advisory)