Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Latest announcements
© Copyright Sense of Security

30 Oct Security Advisory – SOS-14-003 – Cisco CUCDM Self Care Portal Multiple Vulnerabilities

Posted at 16:01h in Advisory, News by

Release Date: 30-Oct-2014

Last Update:

Vendor Notification Date: 17-Jan-2014

Product: Cisco Unified Communications Domain Manager

Platform:

Affected versions:

Severity Rating: Medium

Impact: Hijacking
Cross-site Scripting

Attack Vector: Remote with / without authentication

Solution Status: Vendor patch

CVE reference: CVE-2014-3283

Details

Multiple medium risk security vulnerabilities were detected in the Self Care portal of the Cisco Unified Communications Domain Manager (a.k.a. CUCDM or VOSS Solutions Domain Manager). The security vulnerabilities can be used to obtain unauthorised access to the CUCDM Self Care portal and to compromise the hosted VoIP tenant services.

Please refer to the PDF version of this advisory for proof of concept code examples.

Solution

All vendor security fixes must be installed.

Discovered By

Fatih Ozavci from Sense of Security Labs.

Our expert consultants are here to help you. For all your Cyber Security needs please contact us today.

Print page
No Comments

Sorry, the comment form is closed at this time.