Vulnerability Details : CVE-2014-3316
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2014-3316
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 %
CVSS scores for CVE-2014-3316
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST |
CWE ids for CVE-2014-3316
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3316
- http://tools.cisco.com/security/center/viewAlert.x?alertId=34899
  Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/68479
  Cisco Unified Communications Manager CVE-2014-3316 Arbitrary File Upload Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316
  Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94429
  Cisco Unified Communications Manager file upload CVE-2014-3316 Vulnerability Report
- http://www.securitytracker.com/id/1030554
  Cisco Unified Communications Manager Input Validation Flaws Let Remote Authenticated Users Upload, Delete, and Download Arbitrary Files - SecurityTracker
Products affected by CVE-2014-3316
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:10.0\(1\)_base:*:*:*:*:*:*:*