CVE-2013-4869

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions 7.1(x) through 9.1(2) Cisco Unified Presence Server versions 7.1(x) through 9.1(2)

Description The software uses the same CTI and database-encryption key across different customers' installations, making it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key.

Recommendations For Cisco Unified Communications Manager versions 7.1(x) through 9.1(2), consider changing the hard-coded static encryption key to a unique key for each installation. For Cisco Unified Presence Server versions 7.1(x) through 9.1(2), consider changing the hard-coded static encryption key to a unique key for each installation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.