CVE-2018-0266
MEDIUMCisco Unified Communications Manager - Authenticated Exposure of Sensitive Configuration Data via Web Interface
Title source: llmDescription
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103933
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040718
Scores
CVSS v3
4.3
EPSS
0.0178
EPSS Percentile
75.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
CWE-425
Status
published
Products (4)
cisco/unified_communications_manager
10.5\(2.10000.5\)
cisco/unified_communications_manager
11.0\(1.10000.10\)
cisco/unified_communications_manager
11.5\(1.10000.6\)
cisco/unified_communications_manager
12.0\(1.10000.10\)
Published
Apr 19, 2018
Tracked Since
Feb 18, 2026