CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3338
https://notcve.org/view.php?id=CVE-2014-3338
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. El módulo CTIManager en Cisco Unified Communications Manager (CM) 10.0(1), cuando el inicio se sesión único (single sign-on) está habilitado, no valida debidamente los tokens Kerberos SSO, lo que permite a usuarios remotos autenticados ganar privilegios y ejecutar comandos arbitrarios a través de datos de tokens manipulados, también conocido como Bug ID CSCum95491. • http://secunia.com/advisories/60054 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338 http://tools.cisco.com/security/center/viewAlert.x?alertId=35258 http://www.securityfocus.com/bid/69176 http://www.securitytracker.com/id/1030710 https://exchange.xforce.ibmcloud.com/vulnerabilities/95246 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3317
https://notcve.org/view.php?id=CVE-2014-3317
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. Vulnerabilidad de salto de directorio en Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager 10.0(1) permite a usuarios remotos autenticados eliminar ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup76314. • http://secunia.com/advisories/59727 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317 http://tools.cisco.com/security/center/viewAlert.x?alertId=34898 http://www.securityfocus.com/bid/68481 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94435 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3319
https://notcve.org/view.php?id=CVE-2014-3319
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. Vulnerabilidad de salto de directorio en Real-Time Monitoring Tool (RTMT) en Cisco Unified Communications Manager (CM) 10.0(1) permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup57676. • http://secunia.com/advisories/59734 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319 http://tools.cisco.com/security/center/viewAlert.x?alertId=34909 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94436 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3318
https://notcve.org/view.php?id=CVE-2014-3318
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. Vulnerabilidad de salto de directorio en dna/viewfilecontents.do en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup76318. • http://secunia.com/advisories/59728 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318 http://tools.cisco.com/security/center/viewAlert.x?alertId=34897 http://www.securityfocus.com/bid/68482 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94433 • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3316
https://notcve.org/view.php?id=CVE-2014-3316
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a usuarios remotos autenticados evadir las restricciones de subida a través de un parámetro manipulado, también conocido como Bug ID CSCup76297. • http://secunia.com/advisories/59730 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316 http://tools.cisco.com/security/center/viewAlert.x?alertId=34899 http://www.securityfocus.com/bid/68479 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94429 • CWE-20: Improper Input Validation •