Vulnerability Details : CVE-2014-3292
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2014-3292
Probability of exploitation activity in the next 30 days: 0.21%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3292
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:P |
8.0
|
4.9
|
NIST |
CWE ids for CVE-2014-3292
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3292
-
http://www.securitytracker.com/id/1030408
Cisco Unified Communications Manager Input Validation Flaw in Real-Time Monitoring Tool (RTMT) Lets Remote Authenticated Users Delete or Download Arbitrary Files - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=34574
Cisco Unified Communications Manager Real-Time Monitoring Tool Multiple VulnerabilitiesVendor Advisory
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292
Cisco Unified Communications Manager Real-Time Monitoring Tool Multiple VulnerabilitiesVendor Advisory
Products affected by CVE-2014-3292
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*