Condorlab

Cisco – Multiple Vulnerabilities in Cisco Unified Communications Domain Manager


Advisory ID

RSN-UC-0001


Vulnerability Information

 

 

A vulnerability in the web framework of Cisco Unified Communications Domain Manager Application Software could allow an unauthenticated, remote attacker to access and modify BVSMWeb portal user information such as settings in the personal phone directory, speed dials, Single Number Reach, and call forward settings. CVE-2014-3300 was assigned for this bug; refer to it for more information on the affected versions.


Technical Information

 

 

The vulnerabilities related to privilege escalation and the default SSH key may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system. The vulnerability in the BVSMWeb portal makes it possible to modify user information.


Release Date

02/07/2014


Solutions

 

 

The UCTM solution from RedShift Networks provides the industry's first complete security solution developed to secure VoIP networks, endpoints and applications. Its research team, Condor-Labs.com, is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for its subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

 

 

Cisco Security Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3300