CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Percentile: 62.2%

A vulnerability in the log4jinit web application of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to access the log4jinit web application.
The vulnerability is due to insufficient authentication checking when accessing the log4jinit web application. An attacker could exploit this vulnerability by accessing the log4jinit web application. An exploit could allow the attacker to generate activity in the log4jinit web application and cause performance issues for users currently logged into the Cisco UCM command line.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks and the ability to locate an affected device, which may require footprinting the network. These access requirements could limit the possibility of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_communications_manager | any | cpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:* |