CVE-2014-3300
First published: Mon Jul 07 2014(Updated: )
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified CDM Application Software | <=8.1.4 | |
| Cisco Unified CDM Application Software | =8.1 | |
| Cisco Unified Communications Domain Manager |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3300?
CVE-2014-3300 is rated as a medium severity vulnerability.
How do I fix CVE-2014-3300?
To fix CVE-2014-3300, upgrade to Cisco Unified CDM Application Software version 10 or later.
What impact does CVE-2014-3300 have on affected systems?
CVE-2014-3300 allows remote attackers to modify user information without proper access control.
Which Cisco products are affected by CVE-2014-3300?
CVE-2014-3300 affects Cisco Unified Communications Domain Manager before version 10 and certain versions of Cisco Unified CDM Application Software.
Can CVE-2014-3300 be exploited remotely?
Yes, CVE-2014-3300 can be exploited remotely via a crafted URL.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified cdm application software
- version/cisco unified cdm application software/8.1.4
- version/cisco unified cdm application software/8.1
- canonical/cisco unified communications domain manager