CVE-2014-0733

Cisco Unified Communications Manager - Authentication Bypass

Title source: rule

Description

The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.

References (2)

Scores

EPSS 0.0030
EPSS Percentile 53.1%

Classification

CWE
CWE-287
Status draft

Affected Products (18)

cisco/unified_communications_manager < 10.0\(1\)
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
cisco/unified_communications_manager
... and 3 more

Timeline

Published Feb 20, 2014
Tracked Since Feb 18, 2026