Vulnerability Details: CVE-2014-2197
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.
Exploit prediction scoring system (EPSS) score for CVE-2014-2197
Probability of exploitation activity in the next 30 days: 0.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~60%
CVSS scores for CVE-2014-2197
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST |
CWE ids for CVE-2014-2197
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2197
- http://www.securityfocus.com/bid/68333
  Cisco Unified Communications Domain Manager CVE-2014-2197 Privilege Escalation Vulnerability
- http://secunia.com/advisories/59573
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm
  Multiple Vulnerabilities in Cisco Unified Communications Domain Manager (Vendor Advisory)
- http://www.securitytracker.com/id/1030515
  Cisco Unified Communications Domain Manager Bugs Let Remote Users Access the System and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
- http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689
  Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
Products affected by CVE-2014-2197
- cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_cdm_application_software:*:*:*:*:*:*:*:*