Details of VAR-201407-0383

ID

VAR-201407-0383

CVE

CVE-2014-3320

TITLE

Cisco Unified Communications Domain Manager of Web Framework management Web Open redirect vulnerability in interface

Trust: 0.8

sources: JVNDB: JVNDB-2014-003478

DESCRIPTION

Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. Vendors have confirmed this vulnerability Bug ID CSCuo48835 It is released as. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. http://cwe.mitre.org/data/definitions/601.htmlSkillfully crafted unspecified script by a third party URL Any user through Web You may be redirected to a site and run a phishing attack. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2014-3320 // JVNDB: JVNDB-2014-003478 // BID: 68694 // VULHUB: VHN-71260

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1\(.2\)	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1\(.1\)	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1\(.3\)	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	lte	version:	8.1\(.4\)	Trust: 1.0
vendor:	cisco	model:	unified communications domain manager	scope:	lte	version:	8.1(.4)	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1\(.4\)	Trust: 0.6

sources: JVNDB: JVNDB-2014-003478 // CNNVD: CNNVD-201407-470 // NVD: CVE-2014-3320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3320
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3320
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201407-470
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71260
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3320
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71260
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71260 // JVNDB: JVNDB-2014-003478 // CNNVD: CNNVD-201407-470 // NVD: CVE-2014-3320

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-003478 // NVD: CVE-2014-3320

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-470

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201407-470

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003478

PATCH

title:	Cisco Unified Communications Domain Manager Admin HTTP Redirect Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3320	Trust: 0.8
title:	34960	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34960	Trust: 0.8

sources: JVNDB: JVNDB-2014-003478

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3320	Trust: 2.8
db:	BID	id:	68694	Trust: 1.4
db:	SECTRACK	id:	1030613	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003478	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-470	Trust: 0.7
db:	VULHUB	id:	VHN-71260	Trust: 0.1

sources: VULHUB: VHN-71260 // BID: 68694 // JVNDB: JVNDB-2014-003478 // CNNVD: CNNVD-201407-470 // NVD: CVE-2014-3320

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3320	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34960	Trust: 1.7
url:	http://www.securityfocus.com/bid/68694	Trust: 1.1
url:	http://www.securitytracker.com/id/1030613	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3320	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3320	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71260 // BID: 68694 // JVNDB: JVNDB-2014-003478 // CNNVD: CNNVD-201407-470 // NVD: CVE-2014-3320

CREDITS

Cisco

Trust: 0.3

sources: BID: 68694

SOURCES

db:	VULHUB	id:	VHN-71260
db:	BID	id:	68694
db:	JVNDB	id:	JVNDB-2014-003478
db:	CNNVD	id:	CNNVD-201407-470
db:	NVD	id:	CVE-2014-3320

LAST UPDATE DATE

2025-04-13T23:04:57.170000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71260	date:	2017-01-12T00:00:00
db:	BID	id:	68694	date:	2014-07-21T00:40:00
db:	JVNDB	id:	JVNDB-2014-003478	date:	2014-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201407-470	date:	2014-07-24T00:00:00
db:	NVD	id:	CVE-2014-3320	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71260	date:	2014-07-18T00:00:00
db:	BID	id:	68694	date:	2014-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-003478	date:	2014-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201407-470	date:	2014-07-24T00:00:00
db:	NVD	id:	CVE-2014-3320	date:	2014-07-18T00:55:04.877