Lucene search

CiscoCVE-2018-0267

HistoryApr 19, 2018 - 8:29 p.m.

CVE-2018-0267

2018-04-1920:29:01

CWE-425

CWE-200

cisco

web.nvd.nist.gov

cisco

unified communications manager

vulnerability

web framework

authenticated

local attacker

sensitive data

ldap credentials

database tables

web interface

url

exploit

cisco bug ids

cscvf22116

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.

Affected configurations

Nvd

Node

ciscounified_communications_managerMatch10.5\(2.10000.5\)

ciscounified_communications_managerMatch11.0\(1.10000.10\)

ciscounified_communications_managerMatch11.5\(1.10000.6\)

ciscounified_communications_managerMatch12.0\(1.10000.10\)

VendorProductVersionCPE
ciscounified_communications_manager10.5(2.10000.5)cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*
ciscounified_communications_manager11.0(1.10000.10)cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):*:*:*:*:*:*:*
ciscounified_communications_manager11.5(1.10000.6)cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*
ciscounified_communications_manager12.0(1.10000.10)cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	10.5(2.10000.5)	cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):::::::*
cisco	unified_communications_manager	11.0(1.10000.10)	cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):::::::*
cisco	unified_communications_manager	11.5(1.10000.6)	cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):::::::*
cisco	unified_communications_manager	12.0(1.10000.10)	cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):::::::*

CNA Affected

[
  {
    "product": "Cisco Unified Communications Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Unified Communications Manager"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103937

www.securitytracker.com/id/1040719

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2018-0267