1. CVE-Search
  2. CVE-2014-3320
ID CVE-2014-3320
Summary Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. <a href="http://cwe.mitre.org/data/definitions/601.html" target="_blank">CWE-601: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:unified_communications_domain_manager:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.1\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.2\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.2\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.3\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.3\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.4\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_domain_manager:8.1\(.4\):*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 12-01-2017 - 11:51)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 68694
cisco 20140717 Cisco Unified Communications Domain Manager Admin HTTP Redirect Vulnerability
confirm http://tools.cisco.com/security/center/viewAlert.x?alertId=34960
sectrack 1030613
Last major update 12-01-2017 - 11:51
Published 18-07-2014 - 00:55
Last modified 12-01-2017 - 11:51
Back to Top