CVE-2014-3300

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
ciscounified_cdm_application_software
𝑥
≤ 8.1.4
ciscounified_cdm_application_software
8.1
ciscounified_communications_domain_manager
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/59556
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689
http://www.securityfocus.com/bid/68331
http://www.securitytracker.com/id/1030515
http://secunia.com/advisories/59556
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689
http://www.securityfocus.com/bid/68331
http://www.securitytracker.com/id/1030515