PT-2015-1637 · Cisco · Cisco Unified Communications Manager+1
Published
2015-07-31
·
Updated
2015-08-21
·
CVE-2015-4295
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager version 10.5(3.10000.9)
Description
The issue is related to the Prime Collaboration Deployment component, which lacks protection of internal data. This allows a remote authenticated user to discover root credentials by making a direct request to an unspecified URL.
Recommendations
For Cisco Unified Communications Manager version 10.5(3.10000.9), consider restricting access to the Prime Collaboration Deployment component until a fix is available. As a temporary workaround, limit the use of direct requests to unspecified URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Unified Communications Manager
Cisco Prime Collaboration Deployment