CVE-2018-0267

MEDIUM

Cisco Unified Communications Manager - Authenticated Exposure of Sensitive Information via Web Interface

Title source: llm

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040719

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103937

Vendor Advisory x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1

Scores

CVSS v3 6.5

EPSS 0.0036

EPSS Percentile 28.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-425

Status published

Products (4)

cisco/unified_communications_manager 10.5\(2.10000.5\)

cisco/unified_communications_manager 11.0\(1.10000.10\)

cisco/unified_communications_manager 11.5\(1.10000.6\)

cisco/unified_communications_manager 12.0\(1.10000.10\)

Published Apr 19, 2018

Tracked Since Feb 18, 2026