Information disclosure in Cisco Unified Communications Manager
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-0267 CVE-2018-0266 |
| CWE-ID | CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Unified Communications Manager (CallManager) Server applications / Remote management servers, RDP, SSH |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU12061
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0267
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated attacker to obtain potentially sensitive information.
The weakness exists due to insufficient protection of database tables over the web interface. A local attacker can browse to a specific URL and gain access to potentially sensitive information including LDAP credentials.
MitigationUpdate to versions UCMAP.12.5(0.98000.160)CUP.12.5(0.98000.468), CUC.12.5(0.97000.165), CUC.12.0(1.22008.1), CCM.12.5(0.98000.356), CCM.12.0(1.22013.1), CCM.11.5(1.15074.1), CCM.11.0(1.25093.1), CCM.10.5(2.17900.2) or CCM.10.5(2.17147.1).
Unified Communications Manager (CallManager): 10.5.2.10000.5 - 12.0.1.10000.10
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU12062
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0266
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The weakness exists due to insufficient protection of database tables over the web interface. A remote attacker can browse to a specific URL and view configuration parameters.
MitigationUpdate to versions UCMAP.12.5(0.98000.134), CUP.12.5(0.98000.352), CUP.11.5(1.14900.17), CUC.12.5(0.97000.108), CUC.12.0(1.22007.1), CCM.12.5(0.98000.267), CCM.12.0(1.22011.1), CCM.11.5(1.14900.11), CCM.11.5(1.14900.5), CCM.11.5(1.14071.1), CCM.11.0(1.25091.1), CCM.10.5(2.17900.1) or CCM.10.5(2.17148.1).
Vulnerable software versionsUnified Communications Manager (CallManager): 10.5.2.10000.5 - 12.0.1.10000.10
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
