PT-2015-6468 · Cisco · Cisco Unified Communications Manager Im/Presence Service

Publicado

2015-06-26

Atualizado

2016-12-28

CVE-2015-4221

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM and Presence Service version 9.1(1)

Description The issue allows remote attackers to determine cleartext passwords and execute arbitrary commands by visiting an unspecified web page and conducting a decryption attack.

Recommendations For Cisco Unified Communications Manager IM and Presence Service version 9.1(1), update to a version that properly restricts access to encrypted passwords to prevent remote attackers from determining cleartext passwords and executing arbitrary commands.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2015-4221

Produtos afetados

Cisco Unified Communications Manager Im/Presence Service

PT-2015-6468 · Cisco · Cisco Unified Communications Manager Im/Presence Service

CVE-2015-4221

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4