Information disclosure in Cisco Unified Communications Manager



Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-0267
CVE-2018-0266
CWE-ID CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Unified Communications Manager (CallManager)
Server applications / Remote management servers, RDP, SSH

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU12061

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-0267

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.

The weakness exists due to insufficient protection of database tables over the web interface. A local attacker can browse to a specific URL and gain access to potentially sensitive information including LDAP credentials.

Mitigation

Update to versions UCMAP.12.5(0.98000.160)CUP.12.5(0.98000.468), CUC.12.5(0.97000.165), CUC.12.0(1.22008.1), CCM.12.5(0.98000.356), CCM.12.0(1.22013.1), CCM.11.5(1.15074.1), CCM.11.0(1.25093.1), CCM.10.5(2.17900.2) or CCM.10.5(2.17147.1).

Vulnerable software versions

Unified Communications Manager (CallManager): 10.5.2.10000.5 - 12.0.1.10000.10

CPE2.3 External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU12062

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-0266

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The weakness exists due to insufficient protection of database tables over the web interface. A remote attacker can browse to a specific URL and view configuration parameters.

Mitigation

Update to versions UCMAP.12.5(0.98000.134), CUP.12.5(0.98000.352), CUP.11.5(1.14900.17), CUC.12.5(0.97000.108), CUC.12.0(1.22007.1), CCM.12.5(0.98000.267), CCM.12.0(1.22011.1), CCM.11.5(1.14900.11), CCM.11.5(1.14900.5), CCM.11.5(1.14071.1), CCM.11.0(1.25091.1), CCM.10.5(2.17900.1) or CCM.10.5(2.17148.1).

Vulnerable software versions

Unified Communications Manager (CallManager): 10.5.2.10000.5 - 12.0.1.10000.10

CPE2.3 External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###