BID:69176

Cisco Unified Communications Manager CVE-2014-3338 Command Injection Vulnerability

Info

Cisco Unified Communications Manager CVE-2014-3338 Command Injection Vulnerability

Bugtraq ID:	69176
Class:	Input Validation Error
CVE:	CVE-2014-3338
Remote:	Yes
Local:	No
Published:	Aug 11 2014 12:00AM
Updated:	Aug 12 2014 04:53PM
Credit:	Cisco
Vulnerable:

Not Vulnerable:

Discussion

Cisco Unified Communications Manager CVE-2014-3338 Command Injection Vulnerability

Cisco Unified Communications Manager is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input.

Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application.

This issue is being tracked by Cisco bug ID CSCum95491.

Exploit / POC

Cisco Unified Communications Manager CVE-2014-3338 Command Injection Vulnerability

Attackers can exploit this issue using browser or readily available tools.

Solution / Fix

Cisco Unified Communications Manager CVE-2014-3338 Command Injection Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Cisco Unified Communications Manager CVE-2014-3338 Command Injection Vulnerability

References:

Cisco Homepage (Cisco )
Cisco TelePresence Homepage (Cisco)