CVE-2013-7030
HIGH
Cisco Unified Communications Manager - Cryptographic Issue
Title source: ruleDescription
The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by daniel svartman · bash · local · hardware
https://www.exploit-db.com/exploits/30237
Scores
CVSS v3: 7.3
EPSS: 0.1027
EPSS Percentile: 93.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Details
CWE: CWE-310
Status: published
Products (1): cisco/unified_communications_manager
Published: Dec 12, 2013
Tracked Since: Feb 18, 2026