CVE

Id
70634  
CVE No.
CVE-2014-3338  
Status
Candidate  
Description
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.  
Phase
Assigned (20140507)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
671511 70634 CVE-2014-3338 CONFIRM:http://tools.cisco.com/security/center/viewAlert.x?alertId=35258  View
671512 70634 CVE-2014-3338 CISCO:20140811 Cisco Unified Communications Manager CTIManager Vulnerability  View
671513 70634 CVE-2014-3338 URL:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338  View
671514 70634 CVE-2014-3338 BID:69176  View
671515 70634 CVE-2014-3338 URL:http://www.securityfocus.com/bid/69176  View
671516 70634 CVE-2014-3338 SECTRACK:1030710  View
671517 70634 CVE-2014-3338 URL:http://www.securitytracker.com/id/1030710  View
671518 70634 CVE-2014-3338 SECUNIA:60054  View
671519 70634 CVE-2014-3338 URL:http://secunia.com/advisories/60054  View
671520 70634 CVE-2014-3338 XF:cucm-cve20143338-command-exec(95246)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
15115 JVNDB-2014-003990 Cisco Transport Gateway for Smart Call Home の Web フレームワークにおけるサービス運用妨害 (DoS) の脆弱性 Cisco Transport Gateway for Smart Call Home (別名 TG-SCH または Transport Gateway Installation Software) の Web フレームワークは、不特定のパラメータを検証しないため、サービス運用妨害 (サービスクラッシュ) 状態にされる脆弱性が存在します。 CVE-2014-3346 70634 6.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003990.html  View