Unrated severityNVD Advisory· Published Aug 12, 2014· Updated May 6, 2026

CVE-2014-3338

Description

The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.

Affected products

Cisco Systems, Inc./Unified Communications Manager2 versions
cpe:2.3:a:cisco:unified_communications_manager:10.0\(1\):*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:unified_communications_manager:10.0\(1\):*:*:*:*:*:*:*
- (no CPE)range: =10.0(1)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338nvdVendor Advisory
tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
secunia.com/advisories/60054nvd
www.securityfocus.com/bid/69176nvd
www.securitytracker.com/id/1030710nvd
exchange.xforce.ibmcloud.com/vulnerabilities/95246nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000