ID

VAR-201405-0350


CVE

CVE-2014-3277


TITLE

VOSS in Cisco Unified Communications Domain Manager vulnerable to disclosure of important user and group information

Trust: 0.8

sources: JVNDB: JVNDB-2014-002678

DESCRIPTION

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. Cisco Unified Communications Domain Manager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks. This issue is tracked by Cisco Bug ID CSCum77005. This component features scalable, distributed, and highly available enterprise Voice over IP call processing.

Trust: 1.98

sources: NVD: CVE-2014-3277 // JVNDB: JVNDB-2014-002678 // BID: 67664 // VULHUB: VHN-71217

AFFECTED PRODUCTS

vendor: cisco // model: unified communications domain manager // scope: eq // version: 8.6

Trust: 1.6

vendor: cisco // model: unified communications domain manager // scope: eq // version: 9.0

Trust: 1.6

vendor: cisco // model: unified communications domain manager // scope: eq // version: 8.6(.2)

Trust: 1.6

vendor: cisco // model: unified communications domain manager // scope: eq // version: 7.4

Trust: 1.6

vendor: cisco // model: unified communications domain manager // scope: lte // version: 9.0(.1)

Trust: 1.0

vendor: cisco // model: unified communications domain manager // scope: lte // version: 9.0(.1)

Trust: 0.8

vendor: cisco // model: unified communications domain manager // scope: eq // version: 9.0(.1)

Trust: 0.6

sources: JVNDB: JVNDB-2014-002678 // CNNVD: CNNVD-201405-563 // NVD: CVE-2014-3277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3277
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3277
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-563
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71217
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3277
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71217
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71217 // JVNDB: JVNDB-2014-002678 // CNNVD: CNNVD-201405-563 // NVD: CVE-2014-3277

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-71217 // JVNDB: JVNDB-2014-002678 // NVD: CVE-2014-3277

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-563

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201405-563

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002678

PATCH

title: Cisco Unified Communications Domain Manager Admin Information Disclosure Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3277

Trust: 0.8

title: 34380 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34380

Trust: 0.8

sources: JVNDB: JVNDB-2014-002678

EXTERNAL IDS

db: NVD // id: CVE-2014-3277

Trust: 2.8

db: BID // id: 67664

Trust: 1.4

db: SECTRACK // id: 1030306

Trust: 1.1

db: SECUNIA // id: 58400

Trust: 1.1

db: JVNDB // id: JVNDB-2014-002678

Trust: 0.8

db: CNNVD // id: CNNVD-201405-563

Trust: 0.7

db: CISCO // id: 20140527 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER ADMIN INFORMATION DISCLOSURE VULNERABILITY

Trust: 0.6

db: VULHUB // id: VHN-71217

Trust: 0.1

sources: VULHUB: VHN-71217 // BID: 67664 // JVNDB: JVNDB-2014-002678 // CNNVD: CNNVD-201405-563 // NVD: CVE-2014-3277

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3277

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34380

Trust: 1.7

url:http://www.securityfocus.com/bid/67664

Trust: 1.1

url:http://www.securitytracker.com/id/1030306

Trust: 1.1

url:http://secunia.com/advisories/58400

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3277

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3277

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-71217 // BID: 67664 // JVNDB: JVNDB-2014-002678 // CNNVD: CNNVD-201405-563 // NVD: CVE-2014-3277

CREDITS

Cisco

Trust: 0.3

sources: BID: 67664

SOURCES

db: VULHUB // id: VHN-71217
db: BID // id: 67664
db: JVNDB // id: JVNDB-2014-002678
db: CNNVD // id: CNNVD-201405-563
db: NVD // id: CVE-2014-3277

LAST UPDATE DATE

2025-04-13T23:04:59.968000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-71217 // date: 2016-09-07T00:00:00
db: BID // id: 67664 // date: 2014-05-29T00:48:00
db: JVNDB // id: JVNDB-2014-002678 // date: 2014-06-02T00:00:00
db: CNNVD // id: CNNVD-201405-563 // date: 2014-06-10T00:00:00
db: NVD // id: CVE-2014-3277 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-71217 // date: 2014-05-29T00:00:00
db: BID // id: 67664 // date: 2014-05-27T00:00:00
db: JVNDB // id: JVNDB-2014-002678 // date: 2014-06-02T00:00:00
db: CNNVD // id: CNNVD-201405-563 // date: 2014-05-29T00:00:00
db: NVD // id: CVE-2014-3277 // date: 2014-05-29T17:55:05.133