30 Oct Security Advisory – SOS-14-003 – Cisco CUCDM Self Care Portal Multiple Vulnerabilities
Release Date: 30-Oct-2014
Last Update: –
Vendor Notification Date: 17-Jan-2014
Product: Cisco Unified Communications Domain Manager
Affected versions: –
Severity Rating: Medium
Attack Vector: Remote with / without authentication
Solution Status: Vendor patch
CVE reference: CVE-2014-3283
Multiple medium risk security vulnerabilities were detected in the Self Care portal of the Cisco Unified Communications Domain Manager (a.k.a. CUCDM or VOSS Solutions Domain Manager). The security vulnerabilities can be used to obtain unauthorised access to the CUCDM Self Care portal and to compromise the hosted VoIP tenant services.
Please refer to the PDF version of this advisory for proof of concept code examples.
All vendor security fixes must be installed.
Fatih Ozavci from Sense of Security Labs.