CVE-2014-3333

The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:unity_connection:9.1\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unity_connection:9.1\(2\):*:*:*:*:*:*:*

History

21 Nov 2024, 02:07

Type Values Removed Values Added
References () http://secunia.com/advisories/59768 - () http://secunia.com/advisories/59768 -
References () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333 - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333 - Vendor Advisory
References () http://tools.cisco.com/security/center/viewAlert.x?alertId=35200 - Vendor Advisory () http://tools.cisco.com/security/center/viewAlert.x?alertId=35200 - Vendor Advisory
References () http://www.securityfocus.com/bid/69074 - () http://www.securityfocus.com/bid/69074 -
References () http://www.securitytracker.com/id/1030688 - () http://www.securitytracker.com/id/1030688 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/95135 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/95135 -

Information

Published : 2014-08-11 20:55

Updated : 2024-11-21 02:07


NVD link : CVE-2014-3333

Mitre link : CVE-2014-3333

CVE.ORG link : CVE-2014-3333


JSON object : View

Products Affected

cisco

  • unity_connection
CWE
CWE-264

Permissions, Privileges, and Access Controls