Sign-up

ID

VAR-201406-0303


CVE

CVE-2014-3281


TITLE

Cisco Unified Communications Domain Manager of VOSS of Web Vulnerability in obtaining important user information in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-002787

DESCRIPTION

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101. Vendors have confirmed this vulnerability Bug ID CSCun46071 and CSCun46101 It is released as.Unspecified by a third party BVSMWeb Web By accessing the page, important user information may be obtained. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCun46071 and CSCun46101. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2014-3281 // JVNDB: JVNDB-2014-002787 // BID: 67925 // VULHUB: VHN-71221

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-002787 // CNNVD: CNNVD-201406-100 // NVD: CVE-2014-3281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3281
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3281
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201406-100
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71221
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3281
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71221
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71221 // JVNDB: JVNDB-2014-002787 // CNNVD: CNNVD-201406-100 // NVD: CVE-2014-3281

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-71221 // JVNDB: JVNDB-2014-002787 // NVD: CVE-2014-3281

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-100

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201406-100

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002787

PATCH
title:Cisco Unified Communications Domain Manager BVSMWeb Information Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3281
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002787

EXTERNAL IDS
db:NVDid:CVE-2014-3281
Trust: 2.8
db:BIDid:67925
Trust: 1.4
db:SECUNIAid:58657
Trust: 1.1
db:JVNDBid:JVNDB-2014-002787
Trust: 0.8
db:CNNVDid:CNNVD-201406-100
Trust: 0.7
db:CISCOid:20140606 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER BVSMWEB INFORMATION DISCLOSURE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-71221
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71221 // 
            
            
            
            BID: 67925 // 
            
            
            
            JVNDB: JVNDB-2014-002787 // 
            
            
            
            CNNVD: CNNVD-201406-100 // 
            
            
            
            NVD: CVE-2014-3281

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3281
Trust: 2.0
url:http://www.securityfocus.com/bid/67925
Trust: 1.1
url:http://secunia.com/advisories/58657
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3281
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3281
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71221 // 
            
            
            
            BID: 67925 // 
            
            
            
            JVNDB: JVNDB-2014-002787 // 
            
            
            
            CNNVD: CNNVD-201406-100 // 
            
            
            
            NVD: CVE-2014-3281

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67925

SOURCES
db:VULHUBid:VHN-71221
db:BIDid:67925
db:JVNDBid:JVNDB-2014-002787
db:CNNVDid:CNNVD-201406-100
db:NVDid:CVE-2014-3281

LAST UPDATE DATE
2025-04-13T23:04:59.870000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71221date:2015-12-04T00:00:00
db:BIDid:67925date:2014-06-06T00:00:00
db:JVNDBid:JVNDB-2014-002787date:2014-06-10T00:00:00
db:CNNVDid:CNNVD-201406-100date:2014-06-09T00:00:00
db:NVDid:CVE-2014-3281date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-71221date:2014-06-08T00:00:00
db:BIDid:67925date:2014-06-06T00:00:00
db:JVNDBid:JVNDB-2014-002787date:2014-06-10T00:00:00
db:CNNVDid:CNNVD-201406-100date:2014-06-09T00:00:00
db:NVDid:CVE-2014-3281date:2014-06-08T16:55:02.753