CVE-2015-4295

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager version 10.5(3.10000.9)

Description The issue is related to the Prime Collaboration Deployment component, which lacks protection of internal data. This allows a remote authenticated user to discover root credentials by making a direct request to an unspecified URL.

Recommendations For Cisco Unified Communications Manager version 10.5(3.10000.9), consider restricting access to the Prime Collaboration Deployment component until a fix is available. As a temporary workaround, limit the use of direct requests to unspecified URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.