Cisco Unified Communications Manager Information Disclosure Vulnerability

2016-08-17T16:00:00
ID CISCO-SA-20160817-UCM
Type cisco
Reporter Cisco
Modified 2016-08-15T17:15:55

Description

A vulnerability in the User Data Services (UDS) Application Programming Interface (API) for Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view confidential information that should require authentication.

The vulnerability is due to improper authentication controls for certain information returned by the UDS API. An attacker could exploit this vulnerability by accessing the UDS API. An exploit could allow the attacker to view certain information that is confidential and should require authentication to retrieve via the UDS API.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm"]