CVE-2014-2197

Published: Jul 7, 2014Modified: May 6, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.

Affected (2)

Products: Cisco: Unified Cdm Application Software, Unified Communications Domain Manager

2 products

Unified Cdm Application Software

Unified Communications Domain Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Cdm Application Software	Up to 8.1
Cisco Unified Communications Domain Manager	All versions

Related CWEs

References (10)

http://secunia.com/advisories/59573

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689

Source: psirt@cisco.com

http://www.securityfocus.com/bid/68333

Source: psirt@cisco.com

http://www.securitytracker.com/id/1030515

Source: psirt@cisco.com

http://secunia.com/advisories/59573

Source: af854a3a-2127-422b-91ae-364da2661108

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/68333

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030515

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.