CVE-2018-0267

MEDIUM

Cisco Unified Communications Manager - Information Disclosure

Title source: rule

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040719

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103937

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 20.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-425

Status published

Products (4)

cisco/unified_communications_manager 10.5\(2.10000.5\)

cisco/unified_communications_manager 11.0\(1.10000.10\)

cisco/unified_communications_manager 11.5\(1.10000.6\)

cisco/unified_communications_manager 12.0\(1.10000.10\)

Published Apr 19, 2018

Tracked Since Feb 18, 2026