Lucene search

CiscoCVE-2015-4196

HistoryJul 04, 2015 - 10:59 a.m.

CVE-2015-4196

2015-07-0410:59:02

CWE-255

cisco

web.nvd.nist.gov

cisco

unified communications

domain manager

cve-2015-4196

nvd

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.

Affected configurations

Nvd

Node

ciscounified_communications_domain_managerMatch4.4.1

ciscounified_communications_domain_managerMatch4.4.2

ciscounified_communications_domain_managerMatch4.4.3

ciscounified_communications_domain_managerMatch4.4.4

VendorProductVersionCPE
ciscounified_communications_domain_manager4.4.1cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.1:*:*:*:*:*:*:*
ciscounified_communications_domain_manager4.4.2cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.2:*:*:*:*:*:*:*
ciscounified_communications_domain_manager4.4.3cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.3:*:*:*:*:*:*:*
ciscounified_communications_domain_manager4.4.4cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_domain_manager	4.4.1	cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.1:::::::*
cisco	unified_communications_domain_manager	4.4.2	cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.2:::::::*
cisco	unified_communications_domain_manager	4.4.3	cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.3:::::::*
cisco	unified_communications_domain_manager	4.4.4	cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.4:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150701-cucdm

www.securitytracker.com/id/1032774

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

Related for CVE-2015-4196