CVE-2014-3279 - Vulnerability Details - OpenCVE

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00677.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unified Communications Domain Manager

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unified_communications_domain_manager::::::::
	cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:::::::*
	cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:::::::*
	cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):::::::*
	cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/58400
http://secunia.com/advisories/58657
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279
http://tools.cisco.com/security/center/viewAlert.x?alertId=34381
http://www.securityfocus.com/bid/67663
http://www.securitytracker.com/id/1030306

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2014-05-29T17:00:00

Updated: 2024-08-06T10:35:57.157Z

Reserved: 2014-05-07T00:00:00

Link: CVE-2014-3279

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-05-29T17:55:05.210

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-3279

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-07-07T17:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1030306", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030306"}, {"name": "20140527 Cisco Unified Communications Domain Manager Admin User Enumeration Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279"}, {"name": "58657", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/58657"}, {"name": "67663", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67663"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381"}, {"name": "58400", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/58400"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-3279", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1030306", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030306"}, {"name": "20140527 Cisco Unified Communications Domain Manager Admin User Enumeration Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279"}, {"name": "58657", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58657"}, {"name": "67663", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67663"}, {"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381"}, {"name": "58400", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58400"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:57.157Z"}, "title": "CVE Program Container", "references": [{"name": "1030306", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030306"}, {"name": "20140527 Cisco Unified Communications Domain Manager Admin User Enumeration Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279"}, {"name": "58657", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/58657"}, {"name": "67663", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67663"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381"}, {"name": "58400", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/58400"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-3279", "datePublished": "2014-05-29T17:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2024-08-06T10:35:57.157Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "85D5C374-75F5-4738-92ED-EC1A85BBD32D", "versionEndIncluding": "9.0\\(.1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B4910F03-9492-4AC2-8204-8EF4F6196E8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "47308017-16FE-497C-A18A-B6AD39F943DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\\(.2\\):*:*:*:*:*:*:*", "matchCriteriaId": "A8DC4711-3E51-474E-8013-7A76DF916C60", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "AAD0CC9F-3460-40CC-A8DC-8298DEACCAE1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643."}, {"lang": "es", "value": "La interfaz gr\u00e1fica de usuario (GUI) Administration en el Framewrok web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores no implementa debidamente control de acceso, lo que permite a atacantes remotos enumerar nombres de cuentas a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug IDs CSCun39631 y CSCun39643."}], "id": "CVE-2014-3279", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-29T17:55:05.210", "references": [{"source": "psirt@cisco.com", "url": "http://secunia.com/advisories/58400"}, {"source": "psirt@cisco.com", "url": "http://secunia.com/advisories/58657"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381"}, {"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/67663"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1030306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58400"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58657"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3279"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34381"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030306"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}