Vulnerability Description
The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unity Connection | 9.1\(1\) |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/59768
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35200Vendor Advisory
- http://www.securityfocus.com/bid/69074
- http://www.securitytracker.com/id/1030688
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95135
- http://secunia.com/advisories/59768
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35200Vendor Advisory
- http://www.securityfocus.com/bid/69074
- http://www.securitytracker.com/id/1030688
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95135
FAQ
What is CVE-2014-3333?
CVE-2014-3333 is a vulnerability with a CVSS score of 9.0 (HIGH). The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files w...
How severe is CVE-2014-3333?
CVE-2014-3333 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3333?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unity Connection.