CVE-2014-0733

Published Feb 20, 2014

Last updated a month ago

CVSS info 5.0

Overview

Description: The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
Source: psirt@cisco.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F66EDBF-F735-4E44-B650-39FCE806535A",
            "versionEndIncluding": "10.0\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65BB9155-89E5-4D54-AF1B-D5CA38392D5D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFFD96E3-B19F-41B7-86FD-DBFD41382C28"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E9BF838-87A2-43B8-975B-524D7F954BF5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9600EA23-5428-4312-A38E-480E3C3228BF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57F5547E-F9C8-4F9C-96A1-563A66EE8D48"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6C20851-DC17-4E89-A6C1-D1B52D47608F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC830649-C0D4-4FFC-8701-80FB4A706F58"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "935D2815-7146-4125-BDBE-BFAA62A88EC9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19432E5E-EA68-4B7A-8B99-DEBACBC3F160"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "577571D6-AC59-4A43-B9A5-7B6FC6D2046C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References