CVE-2018-0474

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (affected versions not specified)

Description The issue is related to insufficient protection of saved passwords when loading configuration pages in the web interface of Cisco Unified Communications Manager. This could allow a remote attacker to gain access to sensitive information. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages, which could be exploited by an authenticated attacker viewing the source code of the configuration page, potentially allowing them to recover passwords and expose accounts to further attacks.

Recommendations For all affected versions, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, avoid viewing the source code of configuration pages in the Cisco Unified Communications Manager web-based management interface to minimize the risk of password exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.