CVE-2018-0266

MEDIUM

Cisco Unified Communications Manager - Information Disclosure

Title source: rule

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.

References (3)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103933

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040718

Scores

CVSS v3 4.3

EPSS 0.0031

EPSS Percentile 54.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-425

Status published

Products (4)

cisco/unified_communications_manager 10.5\(2.10000.5\)

cisco/unified_communications_manager 11.0\(1.10000.10\)

cisco/unified_communications_manager 11.5\(1.10000.6\)

cisco/unified_communications_manager 12.0\(1.10000.10\)

Published Apr 19, 2018

Tracked Since Feb 18, 2026