CVE-2018-0105

MEDIUM

Cisco Unified Communications Manager - Information Disclosure

Title source: rule

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269.

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040245

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102725

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm

Scores

CVSS v3 5.3

EPSS 0.0147

EPSS Percentile 81.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200 CWE-425

Status published

Products (1)

cisco/unified_communications_manager

Published Jan 18, 2018

Tracked Since Feb 18, 2026