CVE-2018-0198

MEDIUM

Cisco Unified Communications Manager - Info Disclosure

Title source: llm

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.

References (3)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040342

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102965

Scores

CVSS v3 5.3

EPSS 0.0072

EPSS Percentile 72.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-425 CWE-693

Status published

Products (1)

cisco/unified_communications_manager

Published Mar 27, 2018

Tracked Since Feb 18, 2026