Details of VAR-201405-0353

ID

VAR-201405-0353

CVE

CVE-2014-3283

TITLE

Cisco Unified Communications Domain Manager of VOSS of Web Open redirect vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-002681

DESCRIPTION

Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731. Vendors have confirmed this vulnerability Bug ID CSCun79731 It is released as. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. http://cwe.mitre.org/data/definitions/601.htmlSkillfully crafted by a third party URL Any user through Web You may be redirected to a site and run a phishing attack. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2014-3283 // JVNDB: JVNDB-2014-002681 // BID: 67665 // VULHUB: VHN-71223

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.6	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.6\(.2\)	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	7.4	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	lte	version:	9.0\(.1\)	Trust: 1.0
vendor:	cisco	model:	unified communications domain manager	scope:	lte	version:	9.0(.1)	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	9.0\(.1\)	Trust: 0.6

sources: JVNDB: JVNDB-2014-002681 // CNNVD: CNNVD-201405-566 // NVD: CVE-2014-3283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3283
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3283
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-566
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71223
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3283
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71223
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71223 // JVNDB: JVNDB-2014-002681 // CNNVD: CNNVD-201405-566 // NVD: CVE-2014-3283

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-71223 // JVNDB: JVNDB-2014-002681 // NVD: CVE-2014-3283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-566

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-566

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002681

PATCH

title:	Cisco Unified Communications Domain Manager Self-Care HTTP Redirect Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3283	Trust: 0.8
title:	34383	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34383	Trust: 0.8

sources: JVNDB: JVNDB-2014-002681

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3283	Trust: 2.8
db:	BID	id:	67665	Trust: 1.4
db:	SECTRACK	id:	1030306	Trust: 1.1
db:	SECUNIA	id:	58400	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-002681	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-566	Trust: 0.7
db:	CISCO	id:	20140527 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER SELF-CARE HTTP REDIRECT VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71223	Trust: 0.1

sources: VULHUB: VHN-71223 // BID: 67665 // JVNDB: JVNDB-2014-002681 // CNNVD: CNNVD-201405-566 // NVD: CVE-2014-3283

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3283	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34383	Trust: 1.7
url:	http://www.securityfocus.com/bid/67665	Trust: 1.1
url:	http://www.securitytracker.com/id/1030306	Trust: 1.1
url:	http://secunia.com/advisories/58400	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3283	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3283	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71223 // BID: 67665 // JVNDB: JVNDB-2014-002681 // CNNVD: CNNVD-201405-566 // NVD: CVE-2014-3283

CREDITS

Cisco

Trust: 0.3

sources: BID: 67665

SOURCES

db:	VULHUB	id:	VHN-71223
db:	BID	id:	67665
db:	JVNDB	id:	JVNDB-2014-002681
db:	CNNVD	id:	CNNVD-201405-566
db:	NVD	id:	CVE-2014-3283

LAST UPDATE DATE

2025-04-13T23:04:59.999000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71223	date:	2016-09-07T00:00:00
db:	BID	id:	67665	date:	2014-05-29T00:48:00
db:	JVNDB	id:	JVNDB-2014-002681	date:	2014-06-02T00:00:00
db:	CNNVD	id:	CNNVD-201405-566	date:	2014-06-03T00:00:00
db:	NVD	id:	CVE-2014-3283	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71223	date:	2014-05-29T00:00:00
db:	BID	id:	67665	date:	2014-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2014-002681	date:	2014-06-02T00:00:00
db:	CNNVD	id:	CNNVD-201405-566	date:	2014-05-29T00:00:00
db:	NVD	id:	CVE-2014-3283	date:	2014-05-29T17:55:05.337