Vulnerability Details : CVE-2014-2102
Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.
Exploit prediction scoring system (EPSS) score for CVE-2014-2102
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 41 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-2102
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2014-2102
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2102
-
http://www.securitytracker.com/id/1029842
Cisco Unified Contact Center Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2102
Cisco Unified Contact Center Express CCMConfig Sensitive Information Disclosure VulnerabilityVendor Advisory
Products affected by CVE-2014-2102
- cpe:2.3:a:cisco:unified_contact_center_express_editor_software:-:*:*:*:*:*:*:*