Cisco Unified Communications Manager WAR File Availability Vulnerability

ID CISCO-SA-20140213-CVE-2014-0725
Type cisco
Reporter Cisco
Modified 2014-02-13T21:06:45


A vulnerability in the availability of Cisco Unified Communications Manager (UCM) web archive (WAR) files could allow an unauthenticated, remote attacker to access the files.

The vulnerability is due to missing authentication requirements on locations that store WAR files. An attacker could exploit this vulnerability by connecting to the file storage location and accessing the files without providing authentication credentials. An exploit could allow the attacker to gain access to sensitive information within the retrieved files.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

It is likely that an attacker would need access to trusted, internal networks to connect to the file storage location on a targeted device. This access requirement decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.