CVE-2013-7030

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (affected versions not specified)

Description The TFTP service allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. The vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.