CVE-2014-0732
First published: Thu Feb 20 2014(Updated: )
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | <=10.0\(1\) | |
| Cisco Unified Communications Manager | =3.3\(5\) | |
| Cisco Unified Communications Manager | =3.3\(5\)sr1 | |
| Cisco Unified Communications Manager | =3.3\(5\)sr2a | |
| Cisco Unified Communications Manager | =4.1\(3\) | |
| Cisco Unified Communications Manager | =4.1\(3\)sr1 | |
| Cisco Unified Communications Manager | =4.1\(3\)sr2 | |
| Cisco Unified Communications Manager | =4.1\(3\)sr3 | |
| Cisco Unified Communications Manager | =4.1\(3\)sr4 | |
| Cisco Unified Communications Manager | =4.2 | |
| Cisco Unified Communications Manager | =4.2.1 | |
| Cisco Unified Communications Manager | =4.2.2 | |
| Cisco Unified Communications Manager | =4.2.3 | |
| Cisco Unified Communications Manager | =4.2.3sr1 | |
| Cisco Unified Communications Manager | =4.2.3sr2 | |
| Cisco Unified Communications Manager | =4.2.3sr2b | |
| Cisco Unified Communications Manager | =4.3 | |
| Cisco Unified Communications Manager | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-0732?
CVE-2014-0732 has a CVSS score indicating a medium severity vulnerability.
How do I fix CVE-2014-0732?
To mitigate CVE-2014-0732, upgrade to a fixed version of Cisco Unified Communications Manager beyond 10.0(1).
What systems are affected by CVE-2014-0732?
CVE-2014-0732 affects Cisco Unified Communications Manager versions up to and including 10.0(1) and multiple earlier versions.
What type of vulnerability is CVE-2014-0732?
CVE-2014-0732 is classified as an authentication bypass vulnerability.
Can CVE-2014-0732 be exploited remotely?
Yes, CVE-2014-0732 allows remote attackers to read application files without proper authentication.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/10.0\(1\)
- version/cisco unified communications manager/3.3\(5\)
- version/cisco unified communications manager/3.3\(5\)sr1
- version/cisco unified communications manager/3.3\(5\)sr2a
- version/cisco unified communications manager/4.1\(3\)
- version/cisco unified communications manager/4.1\(3\)sr1
- version/cisco unified communications manager/4.1\(3\)sr2
- version/cisco unified communications manager/4.1\(3\)sr3
- version/cisco unified communications manager/4.1\(3\)sr4
- version/cisco unified communications manager/4.2
- version/cisco unified communications manager/4.2.1
- version/cisco unified communications manager/4.2.2
- version/cisco unified communications manager/4.2.3
- version/cisco unified communications manager/4.2.3sr1
- version/cisco unified communications manager/4.2.3sr2
- version/cisco unified communications manager/4.2.3sr2b
- version/cisco unified communications manager/4.3
- version/cisco unified communications manager/10.0