CVE-2014-0732

EUVD-2014-0763
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
ciscounified_communications_manager
𝑥
≤ 10.0\(1\)
ciscounified_communications_manager
3.3\(5\)
ciscounified_communications_manager
3.3\(5\)sr1
ciscounified_communications_manager
3.3\(5\)sr2a
ciscounified_communications_manager
4.1\(3\)
ciscounified_communications_manager
4.1\(3\)sr1
ciscounified_communications_manager
4.1\(3\)sr2
ciscounified_communications_manager
4.1\(3\)sr3
ciscounified_communications_manager
4.1\(3\)sr4
ciscounified_communications_manager
4.2
ciscounified_communications_manager
4.2.1
ciscounified_communications_manager
4.2.2
ciscounified_communications_manager
4.2.3
ciscounified_communications_manager
4.2.3sr1:sr1
ciscounified_communications_manager
4.2.3sr2:sr2
ciscounified_communications_manager
4.2.3sr2b:sr2b
ciscounified_communications_manager
4.3
ciscounified_communications_manager
10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732
http://tools.cisco.com/security/center/viewAlert.x?alertId=32913
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732
http://tools.cisco.com/security/center/viewAlert.x?alertId=32913