Role-based Access Control Bypass in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier (Bug ID CSCuj83540)

Role-based Access Control Bypass in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier (Bug ID CSCuj83540)

CVE-2014-0657 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.

Learn more about our Cis Benchmark Audit For Cisco.