Role-based Access Control Bypass in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier (Bug ID CSCuj83540)
CVE-2014-0657 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
Learn more about our Cis Benchmark Audit For Cisco.