CVE-2014-3332

Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=35198	Vendor Advisory
http://www.securitytracker.com/id/1030687
http://www.securityfocus.com/bid/69068
https://exchange.xforce.ibmcloud.com/vulnerabilities/95136

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

Information

Published : 2014-08-11 13:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-3332

Mitre link : CVE-2014-3332

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

cisco

unified_communications_manager

4.0 /10