Cisco Unified Communications Domain Manager Multiple Vulnerabilities

Last Update Date: 7 Jul 2014 Release Date: 3 Jul 2014 3105 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Im, Chat & Voip

TYPE: Im, Chat & Voip

Multiple vulnerabilities have been identified in Cisco Unified Communications Domain Manager. A remote user can gain root access on the target system, and access and modify settings. A remote authenticated user can obtain elevated privileges on the target system.

  1. A remote authenticated user can submit a specially crafted URL to trigger a flaw in the Administration interface and change the administrative credentials of an arbitrary user.
  2. The system uses a default SSH private key that is stored in an non-secure manner. A remote user can obtain the SSH private key and use the key to login to the target system with root privileges. The key may be obtained, for example, by reverse engineering the binary file of the operating system.
  3. A remote user can submit a specially crafted URL to access and modify BVSMWeb portal user information (e.g., personal phone directory settings, speed dials, Single Number Reach, call forward settings).

Impact

  • Elevation of Privilege
  • Data Manipulation

System / Technologies affected

  • 思科 Unified Communications Domain Manager

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (Cisco Unified CDM Application Software 8.1.4, Cisco Unified CDM Platform Software 4.4.2, CDM Application Software version 10).

Vulnerability Identifier

Source

Related Link

Share with

Previous

RealPlayer MP4 File Atom Handling Buffer Overflow Vulnerability

4 Jul 2014 3050 Views

Next

Adobe Flash Player / AIR Multiple Vulnerabilities

9 Jul 2014 3137 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY