CVE-2014-3300

Cisco Unified Cdm Application Software < 8.1.4 - Access Control

Title source: rule

Description

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.

Exploits (2)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/voip/cisco_cucdm_call_forward.rb

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/voip/cisco_cucdm_speed_dials.rb

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

[Vendor Advisory] http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/68331

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030515

[Third Party Advisory] http://secunia.com/advisories/59556

Scores

EPSS 0.4558

EPSS Percentile 97.6%

Details

CWE

CWE-264

Status published

Products (3)

cisco/unified_cdm_application_software 8.1

cisco/unified_cdm_application_software < 8.1.4

cisco/unified_communications_domain_manager

Published Jul 07, 2014

Tracked Since Feb 18, 2026