Vulnerability Description
Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Domain Manager | <= 8.1\(.4\) |
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3320Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=34960Vendor Advisory
- http://www.securityfocus.com/bid/68694Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030613Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3320Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=34960Vendor Advisory
- http://www.securityfocus.com/bid/68694Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030613Third Party AdvisoryVDB Entry
FAQ
What is CVE-2014-3320?
CVE-2014-3320 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users...
How severe is CVE-2014-3320?
CVE-2014-3320 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3320?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Domain Manager.