CVE-2014-3333

high

Description

The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95135

http://www.securitytracker.com/id/1030688

http://www.securityfocus.com/bid/69074

http://tools.cisco.com/security/center/viewAlert.x?alertId=35200

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3333

http://secunia.com/advisories/59768

Details

Source: Mitre, NVD

Published: 2014-08-11

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01843