Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Security Advisory – SOS-14-002 – Cisco CUCDM Administration Portal Multiple Vulnerabilities

Release Date: 30-Oct-2014

Last Update:

Vendor Notification Date: 17-Jan-2014

Product: Cisco Unified Communications Domain Manager


Affected versions:

Severity Rating: High / Medium / Low

Impact: Privilege escalation, security bypass, exposure of sensitive information

Attack Vector: Remote with / without authentication

Solution Status: Vendor patch, vendor workaround

CVE reference: CVE-2014-2197


Multiple high-risk security vulnerabilities were detected in the administration portal of the Cisco Unified Communications Domain Manager (a.k.a. CUCDM or VOSS Solutions Domain Manager). They can be used to obtain unauthorised access to the CUCDM services, bypass the authorisation scheme, elevate the current user's privileges and compromise the hosted VoIP services and infrastructure.

Please refer to the PDF version of this advisory for proof of concept code examples.


All vendor security fixes must be installed.

Discovered By

Fatih Ozavci from Sense of Security Labs.
