
Security Advisory – SOS-14-002 – Cisco CUCDM Administration Portal Multiple Vulnerabilities

Release Date: 30-Oct-2014

Last Update:

Vendor Notification Date: 17-Jan-2014

Product: Cisco Unified Communications Domain Manager

Platform:

Affected versions:

Severity Rating: High / Medium / Low

Impact: Privilege escalation, Security bypass, Exposure of sensitive information

Attack Vector: Remote with / without authentication

Solution Status: Vendor patch, Vendor workaround

CVE reference: CVE-2014-2197, CVE-2014-3277, CVE-2014-3279, CVE-2014-3280, CVE-2014-3282

Details

Multiple high-risk security vulnerabilities were detected in the administration portal of the Cisco Unified Communications Domain Manager (also known as CUCDM or VOSS Solutions Domain Manager). The vulnerabilities can be used to obtain unauthorised access to the CUCDM services, to bypass the authorisation scheme, to elevate the current user's privileges and to compromise the hosted VoIP services and infrastructure.

Please refer to the PDF version of this advisory for proof-of-concept code examples.

Solution

All vendor security fixes must be installed.

Discovered By

Fatih Ozavci from Sense of Security Labs.
