Access Control Flaw in Cisco Unified Communications Domain Manager
CVE-2014-2197

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Domain Manager; Unified Cdm Application Software
Vendor: CVE Published:; 7 July 2014

Summary

The Administration GUI in Cisco's Unified Communications Domain Manager (CDM) framework prior to version 8.1.4 has an access control issue. This flaw allows remote authenticated users to manipulate administrative credentials through specially crafted URLs. This can result in unauthorized access and potential compromise of the administrative functions within the application.

References

http://secunia.com/advisories/59573

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1030515

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Feb 25, 2014