CVE-2014-3332

Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=35198	Vendor Advisory
http://www.securityfocus.com/bid/69068
http://www.securitytracker.com/id/1030687
https://exchange.xforce.ibmcloud.com/vulnerabilities/95136

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-08-11 20:55

Updated : 2023-12-10 11:31

NVD link : CVE-2014-3332

Mitre link : CVE-2014-3332

CVE.ORG link : CVE-2014-3332

JSON object : View

Products Affected

cisco

unified_communications_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-3332", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-11T20:55:07.107", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/69068", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1030687", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95136", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029."}, {"lang": "es", "value": "Cisco Unified Communications Manager (CM) 8.6(.2) y anteriores tiene una configuraci\u00f3n de restricciones CLI incorrecta, lo que permite a usuarios remotos autenticados establecer inicios de sesi\u00f3n concurrentes sin detecci\u00f3n a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCup98029."}], "lastModified": "2017-08-29T01:34:42.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4180A0F5-B308-490A-9854-A12FD31D58E3", "versionEndIncluding": "8.6\\(2\\)"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}