Details of VAR-201407-0365

ID

VAR-201407-0365

CVE

CVE-2014-3300

TITLE

Cisco Unified CDM Application Software of Cisco Unified Communications Domain Manager Vulnerability in changing user information

Trust: 0.8

sources: JVNDB: JVNDB-2014-003227

DESCRIPTION

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041. Vendors have confirmed this vulnerability Bug ID CSCum77041 It is released as.Skillfully crafted by a third party URL Via, user information may be changed. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCum77041. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2014-3300 // JVNDB: JVNDB-2014-003227 // BID: 68331 // VULHUB: VHN-71240

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified cdm application software	scope:	eq	version:	8.1	Trust: 1.6
vendor:	cisco	model:	unified cdm application software	scope:	lte	version:	8.1.4	Trust: 1.0
vendor:	cisco	model:	unified communications domain manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified cdm application software	scope:	lt	version:	10	Trust: 0.8
vendor:	cisco	model:	unified cdm application software	scope:	eq	version:	8.1.4	Trust: 0.6

sources: JVNDB: JVNDB-2014-003227 // CNNVD: CNNVD-201407-179 // NVD: CVE-2014-3300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3300
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3300
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201407-179
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71240
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3300
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71240
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71240 // JVNDB: JVNDB-2014-003227 // CNNVD: CNNVD-201407-179 // NVD: CVE-2014-3300

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-71240 // JVNDB: JVNDB-2014-003227 // NVD: CVE-2014-3300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-179

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201407-179

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003227

PATCH

title:	34689	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689	Trust: 0.8
title:	cisco-sa-20140702-cucdm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm	Trust: 0.8
title:	34792	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34792	Trust: 0.8
title:	cisco-sa-20140702-cucdm	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122753_cisco-sa-20140702-cucdm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-003227

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3300	Trust: 2.8
db:	BID	id:	68331	Trust: 1.4
db:	SECUNIA	id:	59556	Trust: 1.1
db:	SECTRACK	id:	1030515	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003227	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-179	Trust: 0.7
db:	VULHUB	id:	VHN-71240	Trust: 0.1

sources: VULHUB: VHN-71240 // BID: 68331 // JVNDB: JVNDB-2014-003227 // CNNVD: CNNVD-201407-179 // NVD: CVE-2014-3300

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140702-cucdm	Trust: 1.7
url:	http://www.securityfocus.com/bid/68331	Trust: 1.1
url:	http://tools.cisco.com/security/center/viewambalert.x?alertid=34689	Trust: 1.1
url:	http://www.securitytracker.com/id/1030515	Trust: 1.1
url:	http://secunia.com/advisories/59556	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3300	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3300	Trust: 0.8
url:	www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-71240 // BID: 68331 // JVNDB: JVNDB-2014-003227 // CNNVD: CNNVD-201407-179 // NVD: CVE-2014-3300

CREDITS

Fatih Ozavci from Sense of Security

Trust: 0.3

sources: BID: 68331

SOURCES

db:	VULHUB	id:	VHN-71240
db:	BID	id:	68331
db:	JVNDB	id:	JVNDB-2014-003227
db:	CNNVD	id:	CNNVD-201407-179
db:	NVD	id:	CVE-2014-3300

LAST UPDATE DATE

2025-04-13T23:04:56.996000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71240	date:	2017-01-12T00:00:00
db:	BID	id:	68331	date:	2014-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-003227	date:	2014-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201407-179	date:	2014-07-08T00:00:00
db:	NVD	id:	CVE-2014-3300	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71240	date:	2014-07-07T00:00:00
db:	BID	id:	68331	date:	2014-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-003227	date:	2014-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201407-179	date:	2014-07-08T00:00:00
db:	NVD	id:	CVE-2014-3300	date:	2014-07-07T11:01:30.180