CVE-2014-3278
First published: Sun Jun 08 2014(Updated: )
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Domain Manager Platform |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3278?
CVE-2014-3278 is considered to have a medium severity level due to improper access control that allows account enumeration.
How do I fix CVE-2014-3278?
To fix CVE-2014-3278, you should apply the latest security patches provided by Cisco for the Unified Communications Domain Manager.
What systems are affected by CVE-2014-3278?
CVE-2014-3278 affects Cisco Unified Communications Domain Manager across various versions.
What type of vulnerability is CVE-2014-3278?
CVE-2014-3278 is an access control vulnerability that allows remote attackers to enumerate accounts.
Can CVE-2014-3278 be exploited remotely?
Yes, CVE-2014-3278 can be exploited remotely by attackers through specific web pages in the affected system.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications domain manager platform