CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
Percentile
59.2%
A vulnerability in the CLI restrictions setting of Cisco Unified Communications Manager could allow an authenticated, remote attacker to remain undetected as an authenticated user. The vulnerability is due to improper sanitization of authenticated users.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker must have authenticated access to a targeted system. This access requirement may decrease the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_communications_manager | any | cpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:* |