The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/59768 - | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333 - Vendor Advisory | |
References | () http://tools.cisco.com/security/center/viewAlert.x?alertId=35200 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/69074 - | |
References | () http://www.securitytracker.com/id/1030688 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/95135 - |
Information
Published : 2014-08-11 20:55
Updated : 2024-11-21 02:07
NVD link : CVE-2014-3333
Mitre link : CVE-2014-3333
CVE.ORG link : CVE-2014-3333
JSON object : View
Products Affected
cisco
- unity_connection
CWE
CWE-264
Permissions, Privileges, and Access Controls