VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 13, 2014· Updated Apr 29, 2026

CVE-2014-0724

CVE-2014-0724

Description

Cisco Unified Communications Manager (UCM) 10.0(1) and earlier has an authentication bypass in the bulk administration interface, enabling remote arbitrary file read.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco Unified Communications Manager (UCM) 10.0(1) and earlier has an authentication bypass in the bulk administration interface, enabling remote arbitrary file read.

Vulnerability

The bulk administration interface in Cisco Unified Communications Manager (UCM) versions 10.0(1) and earlier contains an authentication bypass vulnerability. By using an unspecified prompt, a remote attacker can bypass authentication and read arbitrary files. This issue is tracked as Bug ID CSCum05340. [1]

Exploitation

An attacker can exploit this vulnerability remotely without requiring any authentication. The attack vector is through the bulk administration interface, where the attacker leverages an unspecified prompt to bypass authentication. No user interaction is needed.

Impact

Successful exploitation allows an attacker to read arbitrary files on the affected system, leading to information disclosure. The attacker gains unauthorized read access to sensitive data, potentially including configuration files and other confidential information.

Mitigation

As of the publication date (2014-02-13), Cisco has not released a patch for this vulnerability. The Cisco Security Notice [1] may contain workarounds or mitigation steps, but the available reference text does not provide specific details. Users should monitor the advisory for updates and consider restricting access to the bulk administration interface as a precaution.

References
  1. Security Advisories

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Cisco Systems, Inc./Unified Communications Manager3 versions
    cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*range: <=10.0\(1\)
    • cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*
    • (no CPE)range: <=10.0(1)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.