Cisco – Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Advisory ID


Vulnerability Information



A vulnerability in the web framework of Cisco Unified Communications Domain Manager Application Software could allow an unauthenticated, remote attacker to access and modify BVSMWeb portal user information such as settings in the personal phone directory, speed dials, Single Number Reach, and call forward settings.  For more information on the affected versions, CVE-2014-3300 was assigned for this bug.

Technical Information



The vulnerabilities related to privilege escalation and default SSH key,may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system. With the vulnerability in the BVSMWeb portal is possible to modify information of the user.

Release Date





The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit

External Resources



Cisco Security Advisory

Common Vulnerabilities and Exposures (CVE)