CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
65.6%
A vulnerability in the Certificate Authority Proxy Function (CAPF) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to change information related to registered devices.
The vulnerability is due to insufficient authentication enforcement. An attacker could exploit this vulnerability by submitting crafted information regarding the device to CAPF. An exploit could allow the attacker to change certain information regarding a registered device.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_communications_manager | any | cpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:* |