CVE-2014-0733

The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.

Published: Feb 20, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-0733
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
cisco / unified_communications_manager	4.2.3sr2	4.2.3sr2.x
cisco / unified_communications_manager	3.3(5)	3.3(5).x
cisco / unified_communications_manager	4.1(3)sr1	4.1(3)sr1.x
cisco / unified_communications_manager	10.0	10.0.x
cisco / unified_communications_manager	4.2.3sr1	4.2.3sr1.x
cisco / unified_communications_manager	4.1(3)sr2	4.1(3)sr2.x
cisco / unified_communications_manager	4.1(3)	4.1(3).x
cisco / unified_communications_manager	4.2	4.2.x
cisco / unified_communications_manager	4.3	4.3.x
cisco / unified_communications_manager	4.2.3	4.2.3.x
cisco / unified_communications_manager	4.1(3)sr4	4.1(3)sr4.x
cisco / unified_communications_manager	4.2.1	4.2.1.x
cisco / unified_communications_manager	3.3(5)sr2a	3.3(5)sr2a.x
cisco / unified_communications_manager	4.2.2	4.2.2.x
cisco / unified_communications_manager	4.1(3)sr3	4.1(3)sr3.x
cisco / unified_communications_manager	3.3(5)sr1	3.3(5)sr1.x
cisco / unified_communications_manager	4.2.3sr2b	4.2.3sr2b.x
cisco / unified_communications_manager	-	10.0\(1\).x

Vulnerability Database

289,689

CVE-2014-0733