PT-2016-1263 · Cisco · Unity Connection+3

Published: 2016-02-09 · Updated: 2016-12-06 · CVE-2016-1319

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Unified Communications Manager versions 9.1(2.10000.28) through 11.0(1.10000.10)
Unified Communications Manager IM & Presence Service version 10.5(2)
Unified Contact Center Express version 11.0(1)
Unity Connection version 10.5(2)

Description

The issue is related to the storage of a cleartext encryption key, allowing local users to obtain sensitive information. The vulnerability can be exploited by an attacker to gain confidential information.

Recommendations

For Cisco Unified Communications Manager versions 9.1(2.10000.28) through 11.0(1.10000.10), consider restricting access to sensitive information until a fix is available.
For Unified Communications Manager IM & Presence Service version 10.5(2), restrict access to the service to minimize the risk of exploitation.
For Unified Contact Center Express version 11.0(1), limit access to confidential data to prevent unauthorized access.
For Unity Connection version 10.5(2), avoid using the system until the issue is resolved.
As a temporary workaround, consider disabling access to sensitive data for all affected systems until a patch is available.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2016-00535
CVE-2016-1319

Affected Products

Cisco Unified Communications Manager
Cisco Unified Communications Manager IM & Presence Service
Cisco Unified Contact Center Express
Unity Connection