ID

VAR-201405-0351


CVE

CVE-2014-3279


TITLE

Account name enumeration vulnerability in the web framework of VOSS in Cisco Unified Communications Domain Manager

Trust: 0.8

sources: JVNDB: JVNDB-2014-002679

DESCRIPTION

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. The vendor has released this vulnerability as Bug IDs CSCun39631 and CSCun39643. A third party may enumerate account names via a crafted URL. Cisco Unified Communications Domain Manager is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. This issue is being tracked by Cisco Bug IDs CSCun39631 and CSCun39643. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A remote attacker could use a specially crafted URL to exploit this vulnerability to enumerate user accounts.

Trust: 2.07

sources: NVD: CVE-2014-3279 // JVNDB: JVNDB-2014-002679 // BID: 67663 // VULHUB: VHN-71219 // VULMON: CVE-2014-3279

AFFECTED PRODUCTS

vendor: cisco, model: unified communications domain manager, scope: eq, version: 8.6

Trust: 1.6

vendor: cisco, model: unified communications domain manager, scope: eq, version: 9.0

Trust: 1.6

vendor: cisco, model: unified communications domain manager, scope: eq, version: 8.6\(.2\)

Trust: 1.6

vendor: cisco, model: unified communications domain manager, scope: eq, version: 7.4

Trust: 1.6

vendor: cisco, model: unified communications domain manager, scope: lte, version: 9.0\(.1\)

Trust: 1.0

vendor: cisco, model: unified communications domain manager, scope: lte, version: 9.0(.1)

Trust: 0.8

vendor: cisco, model: unified communications domain manager, scope: eq, version: 9.0\(.1\)

Trust: 0.6

sources: JVNDB: JVNDB-2014-002679 // CNNVD: CNNVD-201405-564 // NVD: CVE-2014-3279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3279
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3279
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-564
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71219
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-3279
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3279
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-71219
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71219 // VULMON: CVE-2014-3279 // JVNDB: JVNDB-2014-002679 // CNNVD: CNNVD-201405-564 // NVD: CVE-2014-3279

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-71219 // JVNDB: JVNDB-2014-002679 // NVD: CVE-2014-3279

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-564

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201405-564

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002679

PATCH

title: Cisco Unified Communications Domain Manager Admin User Enumeration Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279

Trust: 0.8

title: 34381, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34381

Trust: 0.8

sources: JVNDB: JVNDB-2014-002679

EXTERNAL IDS

db: NVD, id: CVE-2014-3279

Trust: 2.9

db: BID, id: 67663

Trust: 1.5

db: SECTRACK, id: 1030306

Trust: 1.2

db: SECUNIA, id: 58657

Trust: 1.2

db: SECUNIA, id: 58400

Trust: 1.2

db: JVNDB, id: JVNDB-2014-002679

Trust: 0.8

db: CNNVD, id: CNNVD-201405-564

Trust: 0.7

db: CISCO, id: 20140527 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER ADMIN USER ENUMERATION VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-71219

Trust: 0.1

db: VULMON, id: CVE-2014-3279

Trust: 0.1

sources: VULHUB: VHN-71219 // VULMON: CVE-2014-3279 // BID: 67663 // JVNDB: JVNDB-2014-002679 // CNNVD: CNNVD-201405-564 // NVD: CVE-2014-3279

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3279

Trust: 1.8

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34381

Trust: 1.8

url:http://www.securityfocus.com/bid/67663

Trust: 1.2

url:http://www.securitytracker.com/id/1030306

Trust: 1.2

url:http://secunia.com/advisories/58400

Trust: 1.2

url:http://secunia.com/advisories/58657

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3279

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3279

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-71219 // VULMON: CVE-2014-3279 // BID: 67663 // JVNDB: JVNDB-2014-002679 // CNNVD: CNNVD-201405-564 // NVD: CVE-2014-3279

CREDITS

Cisco

Trust: 0.3

sources: BID: 67663

SOURCES

db: VULHUB, id: VHN-71219
db: VULMON, id: CVE-2014-3279
db: BID, id: 67663
db: JVNDB, id: JVNDB-2014-002679
db: CNNVD, id: CNNVD-201405-564
db: NVD, id: CVE-2014-3279

LAST UPDATE DATE

2025-04-13T23:04:59.934000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-71219, date: 2015-12-04T00:00:00
db: VULMON, id: CVE-2014-3279, date: 2015-12-04T00:00:00
db: BID, id: 67663, date: 2014-05-29T00:48:00
db: JVNDB, id: JVNDB-2014-002679, date: 2014-06-02T00:00:00
db: CNNVD, id: CNNVD-201405-564, date: 2014-06-10T00:00:00
db: NVD, id: CVE-2014-3279, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-71219, date: 2014-05-29T00:00:00
db: VULMON, id: CVE-2014-3279, date: 2014-05-29T00:00:00
db: BID, id: 67663, date: 2014-05-27T00:00:00
db: JVNDB, id: JVNDB-2014-002679, date: 2014-06-02T00:00:00
db: CNNVD, id: CNNVD-201405-564, date: 2014-05-29T00:00:00
db: NVD, id: CVE-2014-3279, date: 2014-05-29T17:55:05.210