Affected configuration(s):
cpe:/a:cisco:unified_communications_manager:3.3%285%29
cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1
cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a
cpe:/a:cisco:unified_communications_manager:4.1%283%29
cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1
cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2
cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3
cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4
cpe:/a:cisco:unified_communications_manager:4.2
cpe:/a:cisco:unified_communications_manager:4.2.1
cpe:/a:cisco:unified_communications_manager:4.2.2
cpe:/a:cisco:unified_communications_manager:4.2.3
cpe:/a:cisco:unified_communications_manager:4.2.3sr1
cpe:/a:cisco:unified_communications_manager:4.2.3sr2
cpe:/a:cisco:unified_communications_manager:4.2.3sr2b
cpe:/a:cisco:unified_communications_manager:4.3
cpe:/a:cisco:unified_communications_manager:10.0
cpe:/a:cisco:unified_communications_manager:10.0%281%29
Date published: 2014-02-20T10:27:09.437-05:00
Date last modified: 2014-02-20T18:52:25.500-05:00
CVSS Score: 5.0
Principal attack vector: NETWORK
Complexity: LOW
Reference URL: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733
Summary: The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.