Vulnerability Details CVE-2014-3278
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/58657
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3278
- http://www.securityfocus.com/bid/67924
- http://secunia.com/advisories/58657
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3278
- http://www.securityfocus.com/bid/67924
Products affected by CVE-2014-3278
-
cpe:2.3:a:cisco:unified_communications_domain_manager:-