Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0267

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.

Published

2018-04-19T20:29:01.533

Last Modified

2024-11-21T03:37:50.813

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-200
  • Type: Primary
    CWE-425
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco unified_communications_manager 10.5\(2.10000.5\) Yes
Application cisco unified_communications_manager 11.0\(1.10000.10\) Yes
Application cisco unified_communications_manager 11.5\(1.10000.6\) Yes
Application cisco unified_communications_manager 12.0\(1.10000.10\) Yes
References