The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733 | Vendor Advisory |
http://tools.cisco.com/security/center/viewAlert.x?alertId=32914 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2014-02-20T11:00:00
Updated: 2014-02-20T04:57:00
Reserved: 2014-01-02T00:00:00
Link: CVE-2014-0733
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-02-20T15:27:09.437
Modified: 2014-02-20T23:52:25.500
Link: CVE-2014-0733
JSON object: View
Redhat Information
No data.
CWE