CVE-2014-3338

EUVD-2014-3351
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
ciscounified_communications_manager
10.0\(1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/60054
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338
http://tools.cisco.com/security/center/viewAlert.x?alertId=35258
http://www.securityfocus.com/bid/69176
http://www.securitytracker.com/id/1030710
https://exchange.xforce.ibmcloud.com/vulnerabilities/95246
http://secunia.com/advisories/60054
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338
http://tools.cisco.com/security/center/viewAlert.x?alertId=35258
http://www.securityfocus.com/bid/69176
http://www.securitytracker.com/id/1030710
https://exchange.xforce.ibmcloud.com/vulnerabilities/95246