Lucene search

[email protected]NVD:CVE-2009-0632

HistoryMar 12, 2009 - 3:20 p.m.

CVE-2009-0632

2009-03-1215:20:49

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.005

Percentile

77.6%

JSON

The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.

Affected configurations

Nvd

Node

ciscounified_communications_managerMatch4.1

ciscounified_communications_managerMatch4.2

ciscounified_communications_managerMatch4.2\(3\)sr1

ciscounified_communications_managerMatch4.2\(3\)sr2b

ciscounified_communications_managerMatch4.2\(3\)sr3

ciscounified_communications_managerMatch4.2\(3\)sr4

ciscounified_communications_managerMatch4.3

ciscounified_communications_managerMatch4.3\(1\)sr.1

ciscounified_communications_managerMatch4.3\(2\)

ciscounified_communications_managerMatch4.3\(2\)sr1

ciscounified_communications_managerMatch5.0

ciscounified_communications_managerMatch5.1\(1\)

ciscounified_communications_managerMatch5.1\(2\)

ciscounified_communications_managerMatch5.1\(2a\)

ciscounified_communications_managerMatch5.1\(2b\)

ciscounified_communications_managerMatch5.1\(3\)

ciscounified_communications_managerMatch5.1\(3a\)

ciscounified_communications_managerMatch5.1\(3c\)

ciscounified_communications_managerMatch5.1\(3d\)

ciscounified_communications_managerMatch6.0

ciscounified_communications_managerMatch6.0\(1\)

ciscounified_communications_managerMatch6.0\(1a\)

ciscounified_communications_managerMatch6.1

ciscounified_communications_managerMatch6.1\(1\)

ciscounified_communications_managerMatch6.1\(1a\)

ciscounified_communications_managerMatch6.1\(2\)

ciscounified_communications_managerMatch6.1\(2\)su1

ciscounified_communications_managerMatch6.1\(3\)

ciscounified_communications_managerMatch7.0

ciscounified_communications_managerMatch7.0\(1\)

VendorProductVersionCPE
ciscounified_communications_manager4.1cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*
ciscounified_communications_manager4.2cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*
ciscounified_communications_manager4.2(3)sr1cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr1:*:*:*:*:*:*:*
ciscounified_communications_manager4.2(3)sr2bcpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr2b:*:*:*:*:*:*:*
ciscounified_communications_manager4.2(3)sr3cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr3:*:*:*:*:*:*:*
ciscounified_communications_manager4.2(3)sr4cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr4:*:*:*:*:*:*:*
ciscounified_communications_manager4.3cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*
ciscounified_communications_manager4.3(1)sr.1cpe:2.3:a:cisco:unified_communications_manager:4.3\(1\)sr.1:*:*:*:*:*:*:*
ciscounified_communications_manager4.3(2)cpe:2.3:a:cisco:unified_communications_manager:4.3\(2\):*:*:*:*:*:*:*
ciscounified_communications_manager4.3(2)sr1cpe:2.3:a:cisco:unified_communications_manager:4.3\(2\)sr1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	4.1	cpe:2.3:a:cisco:unified_communications_manager:4.1:::::::*
cisco	unified_communications_manager	4.2	cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*
cisco	unified_communications_manager	4.2(3)sr1	cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr1:::::::*
cisco	unified_communications_manager	4.2(3)sr2b	cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr2b:::::::*
cisco	unified_communications_manager	4.2(3)sr3	cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr3:::::::*
cisco	unified_communications_manager	4.2(3)sr4	cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr4:::::::*
cisco	unified_communications_manager	4.3	cpe:2.3:a:cisco:unified_communications_manager:4.3:::::::*
cisco	unified_communications_manager	4.3(1)sr.1	cpe:2.3:a:cisco:unified_communications_manager:4.3\(1\)sr.1:::::::*
cisco	unified_communications_manager	4.3(2)	cpe:2.3:a:cisco:unified_communications_manager:4.3\(2\):::::::*
cisco	unified_communications_manager	4.3(2)sr1	cpe:2.3:a:cisco:unified_communications_manager:4.3\(2\)sr1:::::::*