PT-2015-6468 · Cisco · Cisco Unified Communications Manager Im/Presence Service

Published

2015-06-26

Updated

2016-12-28

CVE-2015-4221

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM and Presence Service version 9.1(1)

Description The issue allows remote attackers to determine cleartext passwords and execute arbitrary commands by visiting an unspecified web page and conducting a decryption attack.

Recommendations For Cisco Unified Communications Manager IM and Presence Service version 9.1(1), update to a version that properly restricts access to encrypted passwords to prevent remote attackers from determining cleartext passwords and executing arbitrary commands.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-4221

Affected Products

Cisco Unified Communications Manager Im/Presence Service

PT-2015-6468 · Cisco · Cisco Unified Communications Manager Im/Presence Service

CVE-2015-4221

Weakness Enumeration

Related Identifiers

Affected Products

References · 4