Vulnerability Description
The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Context Directory Agent | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/101809
- http://secunia.com/advisories/56365
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0651Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32364Vendor Advisory
- http://www.securityfocus.com/bid/64706Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029573Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90166
- http://osvdb.org/101809
- http://secunia.com/advisories/56365
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0651Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32364Vendor Advisory
- http://www.securityfocus.com/bid/64706Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029573Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90166
FAQ
What is CVE-2014-0651?
CVE-2014-0651 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hij...
How severe is CVE-2014-0651?
CVE-2014-0651 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0651?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Context Directory Agent.