CVE Vulnerabilities

CVE-2014-0743

Improper Authentication

Published: Feb 27, 2014 | Modified: Jul 29, 2015
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Unified_communications_manager Cisco 4.2.3sr2 4.2.3sr2
Unified_communications_manager Cisco 3.3(5) 3.3(5)
Unified_communications_manager Cisco 4.1(3)sr1 4.1(3)sr1
Unified_communications_manager Cisco 10.0 10.0
Unified_communications_manager Cisco 4.2.3sr1 4.2.3sr1
Unified_communications_manager Cisco 4.1(3)sr2 4.1(3)sr2
Unified_communications_manager Cisco 4.1(3) 4.1(3)
Unified_communications_manager Cisco 4.2 4.2
Unified_communications_manager Cisco 4.3 4.3
Unified_communications_manager Cisco 4.2.3 4.2.3
Unified_communications_manager Cisco 4.1(3)sr4 4.1(3)sr4
Unified_communications_manager Cisco 4.2.1 4.2.1
Unified_communications_manager Cisco 3.3(5)sr2a 3.3(5)sr2a
Unified_communications_manager Cisco 4.2.2 4.2.2
Unified_communications_manager Cisco 4.1(3)sr3 4.1(3)sr3
Unified_communications_manager Cisco 3.3(5)sr1 3.3(5)sr1
Unified_communications_manager Cisco 4.2.3sr2b 4.2.3sr2b
Unified_communications_manager Cisco * 10.0(1)

Potential Mitigations

References