CVE-2015-4221

2015-06-2610:59:05

CWE-264

[email protected]

web.nvd.nist.gov

cisco

unified communications

vulnerability

security

cve-2015-4221

nvd

7.6 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

43.8%

JSON

Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.

Affected configurations

NVD

Node

ciscounified_communications_manager_im_and_presence_serviceMatch9.1\(1\)

CPENameOperatorVersion
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence serviceeq9.1\(1\)