CVE-2014-3338

high

Cisco

CVSS v3 Base Score

8.5

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS Score

1.7%

Exploitation probability in 30 days

Top 18% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: August 12, 2014 (4292 days ago)

Last Modified: May 6, 2026

Vendor: Cisco

Source: NVD

Description

The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.

CWE

CWE-20

Affected Products

cisco unified communications manager

References

🔗 secunia.com 🔗 tools.cisco.com 🔗 tools.cisco.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com

CVE-2014-3338

Vulnerability Report

Description

CWE

Affected Products

References