Lucene search

[email protected]CVE-2018-0266

HistoryApr 19, 2018 - 8:29 p.m.

CVE-2018-0266

2018-04-1920:29:00

CWE-425

[email protected]

web.nvd.nist.gov

security

vulnerability

cisco

unified communications manager

authenticated

remote attacker

sensitive data

database tables

web interface

exploit

configuration parameters

cve-2018-0266

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.7%

JSON

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managereq11.0\(1.10000.10\)
cisco:unified_communications_managercisco unified communications managereq11.5\(1.10000.6\)
cisco:unified_communications_managercisco unified communications managereq10.5\(2.10000.5\)
cisco:unified_communications_managercisco unified communications managereq12.0\(1.10000.10\)

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	eq	11.0\(1.10000.10\)
cisco:unified_communications_manager	cisco unified communications manager	eq	11.5\(1.10000.6\)
cisco:unified_communications_manager	cisco unified communications manager	eq	10.5\(2.10000.5\)
cisco:unified_communications_manager	cisco unified communications manager	eq	12.0\(1.10000.10\)

References

www.securityfocus.com/bid/103933

www.securitytracker.com/id/1040718

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.7%

JSON

Related for CVE-2018-0266

cvelist1 nessus1 prion1 cisco1