Cisco Unified Communications Manager concurrent logon Security Restriction Bypass Vulnerability

Cisco Unified Communications Manager concurrent logon Security Restriction Bypass Vulnerability

Release date:
Updated on:

Affected Systems:
Cisco uniied Communications Manager
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69068
CVE (CAN) ID: CVE-2014-3332
 
Cisco uniied Communications Manager is an enterprise-level IP call handling system.
 
The Cisco Unified Communications Manager CLI restriction settings have a security vulnerability that does not properly perform authentication. Attackers can exploit this vulnerability to bypass certain security restrictions and perform unauthorized operations.
 
<* Source: Cisco

Link: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3332 *****
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Cisco
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
 
Http://tools.cisco.com/security/center/publicationListing.x #~ CiscoSecurityResponse
 
This article permanently updates the link address: