Vulnerability Details : CVE-2014-3320
Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835.
Vulnerability category: Open redirect
Exploit prediction scoring system (EPSS) score for CVE-2014-3320
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3320
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
References for CVE-2014-3320
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=34960
Cisco Unified Communications Domain Manager Admin HTTP Redirect VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1030613
Cisco Unified Communications Domain Manager Input Validation Flaw Permits Open Redirect Attacks - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3320
Cisco Unified Communications Domain Manager Admin HTTP Redirect VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/68694
Cisco Unified Communications Domain Manager Admin HTTP Open Redirection VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2014-3320
- cpe:2.3:a:cisco:unified_communications_domain_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.2\):*:*:*:*:*:*:*