Details of VAR-201406-0302

ID

VAR-201406-0302

CVE

CVE-2014-3280

TITLE

Cisco Unified Communications Domain Manager of VOSS of Web Vulnerability in obtaining important user information in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-002722

DESCRIPTION

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks. This issue is tracked by Cisco Bug IDs CSCun46045 and CSCun46116. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2014-3280 // JVNDB: JVNDB-2014-002722 // BID: 67661 // VULHUB: VHN-71220

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.6	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.6\(.2\)	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	7.4	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	lte	version:	9.0\(.1\)	Trust: 1.0
vendor:	cisco	model:	unified communications domain manager	scope:	lte	version:	9.0(.1)	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	9.0\(.1\)	Trust: 0.6

sources: JVNDB: JVNDB-2014-002722 // CNNVD: CNNVD-201406-023 // NVD: CVE-2014-3280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3280
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3280
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201406-023
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71220
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3280
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71220
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71220 // JVNDB: JVNDB-2014-002722 // CNNVD: CNNVD-201406-023 // NVD: CVE-2014-3280

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-71220 // JVNDB: JVNDB-2014-002722 // NVD: CVE-2014-3280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-023

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201406-023

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002722

PATCH

title:	cisco-sa-20110223-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110223-asa	Trust: 0.8
title:	Cisco Unified Communications Domain Manager Admin Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3280	Trust: 0.8
title:	34379	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34379	Trust: 0.8
title:	cisco-sa-20110223-asa	url:	http://www.cisco.com/cisco/web/support/JP/110/1103/1103980_cisco-sa-20110223-asa-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-002722

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3280	Trust: 2.8
db:	BID	id:	67661	Trust: 1.4
db:	SECTRACK	id:	1030306	Trust: 1.1
db:	SECUNIA	id:	58400	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-002722	Trust: 0.8
db:	CNNVD	id:	CNNVD-201406-023	Trust: 0.7
db:	CISCO	id:	20140527 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER ADMIN INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71220	Trust: 0.1

sources: VULHUB: VHN-71220 // BID: 67661 // JVNDB: JVNDB-2014-002722 // CNNVD: CNNVD-201406-023 // NVD: CVE-2014-3280

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3280	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34379	Trust: 1.7
url:	http://www.securityfocus.com/bid/67661	Trust: 1.1
url:	http://www.securitytracker.com/id/1030306	Trust: 1.1
url:	http://secunia.com/advisories/58400	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3280	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3280	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-71220 // BID: 67661 // JVNDB: JVNDB-2014-002722 // CNNVD: CNNVD-201406-023 // NVD: CVE-2014-3280

CREDITS

Cisco

Trust: 0.3

sources: BID: 67661

SOURCES

db:	VULHUB	id:	VHN-71220
db:	BID	id:	67661
db:	JVNDB	id:	JVNDB-2014-002722
db:	CNNVD	id:	CNNVD-201406-023
db:	NVD	id:	CVE-2014-3280

LAST UPDATE DATE

2025-04-13T23:04:59.841000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71220	date:	2016-09-07T00:00:00
db:	BID	id:	67661	date:	2014-05-29T00:48:00
db:	JVNDB	id:	JVNDB-2014-002722	date:	2014-06-04T00:00:00
db:	CNNVD	id:	CNNVD-201406-023	date:	2014-06-05T00:00:00
db:	NVD	id:	CVE-2014-3280	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71220	date:	2014-06-03T00:00:00
db:	BID	id:	67661	date:	2014-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2014-002722	date:	2014-06-04T00:00:00
db:	CNNVD	id:	CNNVD-201406-023	date:	2014-06-05T00:00:00
db:	NVD	id:	CVE-2014-3280	date:	2014-06-03T04:44:49.417