Vulnerability Details : CVE-2014-3320
Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835.
Vulnerability category: Open redirect
Products affected by CVE-2014-3320
- cpe:2.3:a:cisco:unified_communications_domain_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.2\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3320
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3320
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
References for CVE-2014-3320
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=34960
Cisco Unified Communications Domain Manager Admin HTTP Redirect VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1030613
Cisco Unified Communications Domain Manager Input Validation Flaw Permits Open Redirect Attacks - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3320
Cisco Unified Communications Domain Manager Admin HTTP Redirect VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/68694
Cisco Unified Communications Domain Manager Admin HTTP Open Redirection VulnerabilityThird Party Advisory;VDB Entry
Jump to