PT-2014-8372 · Cisco · Cisco Unified Communications Manager Im/Presence Service

Published

2014-11-21

Updated

2017-09-08

CVE-2014-8000

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM and Presence Service version 9.1(1)

Description The issue allows remote attackers to enumerate user accounts via a series of URL requests, as different returned messages are produced depending on whether a username exists.

Recommendations For Cisco Unified Communications Manager IM and Presence Service version 9.1(1), consider restricting access to the URL request functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-8000

Affected Products

Cisco Unified Communications Manager Im/Presence Service

PT-2014-8372 · Cisco · Cisco Unified Communications Manager Im/Presence Service

CVE-2014-8000

Weakness Enumeration

Related Identifiers

Affected Products

References · 7