CVE-2014-3338

The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
ciscounified_communications_manager
10.0\(1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/60054
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338
http://tools.cisco.com/security/center/viewAlert.x?alertId=35258
http://www.securityfocus.com/bid/69176
http://www.securitytracker.com/id/1030710
https://exchange.xforce.ibmcloud.com/vulnerabilities/95246
http://secunia.com/advisories/60054
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338
http://tools.cisco.com/security/center/viewAlert.x?alertId=35258
http://www.securityfocus.com/bid/69176
http://www.securitytracker.com/id/1030710
https://exchange.xforce.ibmcloud.com/vulnerabilities/95246