Details of VAR-201406-0301

ID

VAR-201406-0301

CVE

CVE-2014-3278

TITLE

Cisco Unified Communications Domain Manager of VOSS of Web Account enumeration vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-002786

DESCRIPTION

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. Vendors have confirmed this vulnerability Bug ID CSCun39619 and CSCun45572 It is released as.Unspecified by a third party BVSMWeb Web Accessing the page may enumerate your account. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. This issue being tracked by Cisco Bug IDs CSCun39619, CSCun45572. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 2.07

sources: NVD: CVE-2014-3278 // JVNDB: JVNDB-2014-002786 // BID: 67924 // VULHUB: VHN-71218 // VULMON: CVE-2014-3278

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2014-002786 // CNNVD: CNNVD-201406-099 // NVD: CVE-2014-3278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3278
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3278
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201406-099
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71218
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-3278
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3278
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-71218
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71218 // VULMON: CVE-2014-3278 // JVNDB: JVNDB-2014-002786 // CNNVD: CNNVD-201406-099 // NVD: CVE-2014-3278

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-71218 // JVNDB: JVNDB-2014-002786 // NVD: CVE-2014-3278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-099

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201406-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002786

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-71218

PATCH

title:

Cisco Unified Communications Domain Manager BVSMWeb User Enumeration Vulnerability

url:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3278

Trust: 0.8

sources: JVNDB: JVNDB-2014-002786

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3278	Trust: 2.9
db:	BID	id:	67924	Trust: 1.5
db:	SECUNIA	id:	58657	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-002786	Trust: 0.8
db:	CNNVD	id:	CNNVD-201406-099	Trust: 0.7
db:	CISCO	id:	20140606 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER BVSMWEB USER ENUMERATION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71218	Trust: 0.1
db:	VULMON	id:	CVE-2014-3278	Trust: 0.1

sources: VULHUB: VHN-71218 // VULMON: CVE-2014-3278 // BID: 67924 // JVNDB: JVNDB-2014-002786 // CNNVD: CNNVD-201406-099 // NVD: CVE-2014-3278

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3278	Trust: 1.8
url:	http://www.securityfocus.com/bid/67924	Trust: 1.3
url:	http://secunia.com/advisories/58657	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3278	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3278	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-71218 // VULMON: CVE-2014-3278 // BID: 67924 // JVNDB: JVNDB-2014-002786 // CNNVD: CNNVD-201406-099 // NVD: CVE-2014-3278

CREDITS

Cisco

Trust: 0.3

sources: BID: 67924

SOURCES

db:	VULHUB	id:	VHN-71218
db:	VULMON	id:	CVE-2014-3278
db:	BID	id:	67924
db:	JVNDB	id:	JVNDB-2014-002786
db:	CNNVD	id:	CNNVD-201406-099
db:	NVD	id:	CVE-2014-3278

LAST UPDATE DATE

2025-04-13T23:04:59.900000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71218	date:	2015-12-04T00:00:00
db:	VULMON	id:	CVE-2014-3278	date:	2015-12-04T00:00:00
db:	BID	id:	67924	date:	2014-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-002786	date:	2014-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201406-099	date:	2014-06-09T00:00:00
db:	NVD	id:	CVE-2014-3278	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71218	date:	2014-06-08T00:00:00
db:	VULMON	id:	CVE-2014-3278	date:	2014-06-08T00:00:00
db:	BID	id:	67924	date:	2014-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-002786	date:	2014-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201406-099	date:	2014-06-09T00:00:00
db:	NVD	id:	CVE-2014-3278	date:	2014-06-08T16:55:02.673