CVE-2014-0731

Severity

50%

Complexity

99%

Confidentiality

48%

The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 11 years ago

2014-02-22 21:55:00

Last updated 8 years ago

2016-09-09 14:42:00

Affected Software

Cisco Unified Communications Manager 3.3(5)

3.3\(5\)

Cisco Unified Communications Manager 3.3(5) SR1

3.3\(5\)sr1

Cisco Unified Communications Manager 3.3(5) SR2a

3.3\(5\)sr2a

Cisco Unified Communications Manager 4.1(3)

4.1\(3\)

Cisco Unified Communications Manager 4.1(3) SR1

4.1\(3\)sr1

Cisco Unified Communications Manager 4.1(3) SR2

4.1\(3\)sr2

Cisco Unified Communications Manager 4.1(3) SR3

4.1\(3\)sr3

Cisco Unified Communications Manager 4.1(3) SR4

4.1\(3\)sr4

Cisco Unified Communications Manager 4.2

4.2

Cisco Unified Communications Manager 4.2.1

4.2.1

Cisco Unified Communications Manager 4.2.2

4.2.2

Cisco Unified Communications Manager 4.2.3

4.2.3

Cisco Unified Communications Manager 4.2.3 SR1

4.2.3sr1

Cisco Unified Communications Manager 4.2.3 SR2

4.2.3sr2

Cisco Unified Communications Manager 4.2.3 SR2b

4.2.3sr2b

Cisco Unified Communications Manager 4.3

4.3

Cisco Unified Communications Manager 10.0

10.0

Cisco Unified Communications Manager

References

20140218 Cisco Unified Communications Manager Java Class File Availability Vulnerability

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=32915