CVE-2014-0733

The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
ciscounified_communications_manager
𝑥
≤ 10.0\(1\)
ciscounified_communications_manager
3.3\(5\)
ciscounified_communications_manager
3.3\(5\)sr1
ciscounified_communications_manager
3.3\(5\)sr2a
ciscounified_communications_manager
4.1\(3\)
ciscounified_communications_manager
4.1\(3\)sr1
ciscounified_communications_manager
4.1\(3\)sr2
ciscounified_communications_manager
4.1\(3\)sr3
ciscounified_communications_manager
4.1\(3\)sr4
ciscounified_communications_manager
4.2
ciscounified_communications_manager
4.2.1
ciscounified_communications_manager
4.2.2
ciscounified_communications_manager
4.2.3
ciscounified_communications_manager
4.2.3sr1:sr1
ciscounified_communications_manager
4.2.3sr2:sr2
ciscounified_communications_manager
4.2.3sr2b:sr2b
ciscounified_communications_manager
4.3
ciscounified_communications_manager
10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733
http://tools.cisco.com/security/center/viewAlert.x?alertId=32914
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733
http://tools.cisco.com/security/center/viewAlert.x?alertId=32914