Details of VAR-201405-0352

ID

VAR-201405-0352

CVE

CVE-2014-3282

TITLE

Cisco Unified Communications Domain Manager of VOSS of Web Vulnerability in obtaining important number conversion information in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-002680

DESCRIPTION

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930. Vendors have confirmed this vulnerability Bug ID CSCum76930 It is released as.By a remotely authenticated user Location Administrator Authorized and crafted URL , You may get important number translation information. Cisco Unified Communications Domain Manager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve sensitive information like Admin number translation. Information harvested may aid in launching further attacks. This issue is tracked by Cisco Bug ID CSCum76930. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2014-3282 // JVNDB: JVNDB-2014-002680 // BID: 67666 // VULHUB: VHN-71222

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.6	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.6\(.2\)	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	7.4	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	lte	version:	9.0\(.1\)	Trust: 1.0
vendor:	cisco	model:	unified communications domain manager	scope:	lte	version:	9.0(.1)	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	9.0\(.1\)	Trust: 0.6

sources: JVNDB: JVNDB-2014-002680 // CNNVD: CNNVD-201405-565 // NVD: CVE-2014-3282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3282
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3282
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-565
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71222
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3282
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71222
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71222 // JVNDB: JVNDB-2014-002680 // CNNVD: CNNVD-201405-565 // NVD: CVE-2014-3282

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-71222 // JVNDB: JVNDB-2014-002680 // NVD: CVE-2014-3282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-565

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201405-565

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002680

PATCH

title:	Cisco Unified Communications Domain Manager Admin Number Translation Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3282	Trust: 0.8
title:	34382	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34382	Trust: 0.8

sources: JVNDB: JVNDB-2014-002680

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3282	Trust: 2.8
db:	BID	id:	67666	Trust: 1.4
db:	SECTRACK	id:	1030306	Trust: 1.1
db:	SECUNIA	id:	58400	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-002680	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-565	Trust: 0.7
db:	CISCO	id:	20140527 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER ADMIN NUMBER TRANSLATION INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71222	Trust: 0.1

sources: VULHUB: VHN-71222 // BID: 67666 // JVNDB: JVNDB-2014-002680 // CNNVD: CNNVD-201405-565 // NVD: CVE-2014-3282

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3282	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34382	Trust: 1.7
url:	http://www.securityfocus.com/bid/67666	Trust: 1.1
url:	http://www.securitytracker.com/id/1030306	Trust: 1.1
url:	http://secunia.com/advisories/58400	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3282	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3282	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-71222 // BID: 67666 // JVNDB: JVNDB-2014-002680 // CNNVD: CNNVD-201405-565 // NVD: CVE-2014-3282

CREDITS

Cisco

Trust: 0.3

sources: BID: 67666

SOURCES

db:	VULHUB	id:	VHN-71222
db:	BID	id:	67666
db:	JVNDB	id:	JVNDB-2014-002680
db:	CNNVD	id:	CNNVD-201405-565
db:	NVD	id:	CVE-2014-3282

LAST UPDATE DATE

2025-04-13T23:04:59.811000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71222	date:	2016-09-07T00:00:00
db:	BID	id:	67666	date:	2014-05-29T00:48:00
db:	JVNDB	id:	JVNDB-2014-002680	date:	2014-06-02T00:00:00
db:	CNNVD	id:	CNNVD-201405-565	date:	2014-06-03T00:00:00
db:	NVD	id:	CVE-2014-3282	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71222	date:	2014-05-29T00:00:00
db:	BID	id:	67666	date:	2014-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2014-002680	date:	2014-06-02T00:00:00
db:	CNNVD	id:	CNNVD-201405-565	date:	2014-05-29T00:00:00
db:	NVD	id:	CVE-2014-3282	date:	2014-05-29T17:55:05.273