CVE-2014-0657

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
ciscounified_communications_manager
𝑥
≤ 9.1\(1\)
ciscounified_communications_manager
3.3\(5\)
ciscounified_communications_manager
3.3\(5\)sr1
ciscounified_communications_manager
3.3\(5\)sr2a
ciscounified_communications_manager
4.1\(3\)
ciscounified_communications_manager
4.1\(3\)sr1
ciscounified_communications_manager
4.1\(3\)sr2
ciscounified_communications_manager
4.1\(3\)sr3
ciscounified_communications_manager
4.1\(3\)sr4
ciscounified_communications_manager
4.2
ciscounified_communications_manager
4.2.1
ciscounified_communications_manager
4.2.2
ciscounified_communications_manager
4.2.3
ciscounified_communications_manager
4.2.3sr1:sr1
ciscounified_communications_manager
4.2.3sr2:sr2
ciscounified_communications_manager
4.2.3sr2b:sr2b
ciscounified_communications_manager
4.3
ciscounified_communications_manager
4.3\(1\)
ciscounified_communications_manager
5.0
ciscounified_communications_manager
5.1
ciscounified_communications_manager
5.1\(1\)
ciscounified_communications_manager
5.1\(1b\)
ciscounified_communications_manager
5.1\(1c\)
ciscounified_communications_manager
5.1\(2\)
ciscounified_communications_manager
5.1\(2a\)
ciscounified_communications_manager
5.1\(2b\)
ciscounified_communications_manager
5.1\(3\)
ciscounified_communications_manager
5.1\(3a\)
ciscounified_communications_manager
5.1\(3c\)
ciscounified_communications_manager
5.1\(3d\)
ciscounified_communications_manager
5.1\(3e\)
ciscounified_communications_manager
5.1.2
ciscounified_communications_manager
6.0
ciscounified_communications_manager
6.0\(1\)
ciscounified_communications_manager
6.0\(1a\)
ciscounified_communications_manager
6.0\(1b\)
ciscounified_communications_manager
6.1\(1\)
ciscounified_communications_manager
6.1\(1a\)
ciscounified_communications_manager
6.1\(1b\)
ciscounified_communications_manager
6.1\(2\)
ciscounified_communications_manager
6.1\(2\)su1
ciscounified_communications_manager
6.1\(2\)su1a
ciscounified_communications_manager
6.1\(3\)
ciscounified_communications_manager
6.1\(3a\)
ciscounified_communications_manager
6.1\(3b\)
ciscounified_communications_manager
6.1\(3b\)su1
ciscounified_communications_manager
6.1\(4\)
ciscounified_communications_manager
6.1\(4\)su1
ciscounified_communications_manager
6.1\(4a\)
ciscounified_communications_manager
6.1\(4a\)su2
ciscounified_communications_manager
6.1\(5\)
ciscounified_communications_manager
6.1\(5\)su1
ciscounified_communications_manager
6.1\(5\)su2
ciscounified_communications_manager
6.1\(5\)su3
ciscounified_communications_manager
7.0\(1\)su1
ciscounified_communications_manager
7.0\(1\)su1a
ciscounified_communications_manager
7.0\(2\)
ciscounified_communications_manager
7.0\(2a\)
ciscounified_communications_manager
7.0\(2a\)su1
ciscounified_communications_manager
7.0\(2a\)su2
ciscounified_communications_manager
7.1\(2a\)
ciscounified_communications_manager
7.1\(2a\)su1
ciscounified_communications_manager
7.1\(2b\)
ciscounified_communications_manager
7.1\(2b\)su1
ciscounified_communications_manager
7.1\(3\)
ciscounified_communications_manager
7.1\(3a\)
ciscounified_communications_manager
7.1\(3a\)su1
ciscounified_communications_manager
7.1\(3a\)su1a
ciscounified_communications_manager
7.1\(3b\)
ciscounified_communications_manager
7.1\(3b\)su1
ciscounified_communications_manager
7.1\(3b\)su2
ciscounified_communications_manager
7.1\(5\)
ciscounified_communications_manager
7.1\(5\)su1
ciscounified_communications_manager
7.1\(5\)su1a
ciscounified_communications_manager
7.1\(5a\)
ciscounified_communications_manager
7.1\(5b\)
ciscounified_communications_manager
7.1\(5b\)su1
ciscounified_communications_manager
7.1\(5b\)su1a
ciscounified_communications_manager
7.1\(5b\)su2
ciscounified_communications_manager
7.1\(5b\)su3
ciscounified_communications_manager
7.1\(5b\)su4
ciscounified_communications_manager
7.1\(5b\)su5
ciscounified_communications_manager
7.1\(5b\)su6
ciscounified_communications_manager
8.0
ciscounified_communications_manager
8.0\(1\)
ciscounified_communications_manager
8.0\(2\)
ciscounified_communications_manager
8.0\(2a\)
ciscounified_communications_manager
8.0\(2b\)
ciscounified_communications_manager
8.0\(2c\)
ciscounified_communications_manager
8.0\(2c\)su1
ciscounified_communications_manager
8.0\(3\)
ciscounified_communications_manager
8.0\(3a\)
ciscounified_communications_manager
8.0\(3a\)su1
ciscounified_communications_manager
8.0\(3a\)su2
ciscounified_communications_manager
8.0\(3a\)su3
ciscounified_communications_manager
8.5
ciscounified_communications_manager
8.5\(1\)
ciscounified_communications_manager
8.5\(1\)su1
ciscounified_communications_manager
8.5\(1\)su2
ciscounified_communications_manager
8.5\(1\)su3
ciscounified_communications_manager
8.5\(1\)su4
ciscounified_communications_manager
8.5\(1\)su5
ciscounified_communications_manager
8.6
ciscounified_communications_manager
8.6\(1\)
ciscounified_communications_manager
8.6\(1a\)
ciscounified_communications_manager
8.6\(2\)
ciscounified_communications_manager
8.6\(2a\)
ciscounified_communications_manager
8.6\(2a\)su1
ciscounified_communications_manager
8.6\(2a\)su2
ciscounified_communications_manager
8.6\(2a\)su3
ciscounified_communications_manager
8.6\(3\)
ciscounified_communications_manager
8.6\(4\)
ciscounified_communications_manager
9.0\(1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/101800
http://secunia.com/advisories/56368
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657
http://tools.cisco.com/security/center/viewAlert.x?alertId=32341
http://www.securityfocus.com/bid/64690
http://www.securitytracker.com/id/1029571
https://exchange.xforce.ibmcloud.com/vulnerabilities/90120
http://osvdb.org/101800
http://secunia.com/advisories/56368
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657
http://tools.cisco.com/security/center/viewAlert.x?alertId=32341
http://www.securityfocus.com/bid/64690
http://www.securitytracker.com/id/1029571
https://exchange.xforce.ibmcloud.com/vulnerabilities/90120