CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
50.4%
A vulnerability in the web management interface of the Cisco Unified
Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view
information on web pages that should be restricted.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:cisco:unified_communications_manager_im_and_presence_service";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106453");
script_tag(name:"last_modification", value:"2024-09-13 05:05:46 +0000 (Fri, 13 Sep 2024)");
script_tag(name:"creation_date", value:"2016-12-08 15:34:12 +0700 (Thu, 08 Dec 2016)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_version("2024-09-13T05:05:46+0000");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-01-05 13:41:00 +0000 (Thu, 05 Jan 2017)");
script_cve_id("CVE-2016-6464");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability");
script_category(ACT_GATHER_INFO);
script_family("CISCO");
script_copyright("Copyright (C) 2016 Greenbone AG");
script_dependencies("gb_cisco_cucmim_version.nasl");
script_mandatory_keys("cisco/cucmim/version");
script_tag(name:"impact", value:"An exploit could allow the attacker to view web pages that should have been
restricted.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The vulnerability is due to a lack of proper input validation performed on
the HTTP packet header. An attacker could exploit this vulnerability by sending a crafted packet to the targeted
device.");
script_tag(name:"solution", value:"See the vendors advisory for solutions.");
script_tag(name:"summary", value:"A vulnerability in the web management interface of the Cisco Unified
Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view
information on web pages that should be restricted.");
script_tag(name:"affected", value:"Versions 10.5(1), 10.5(2), 11.0(1) and 11.5(1)");
script_xref(name:"URL", value:"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!version = get_app_version(cpe:CPE))
exit(0);
# For example: 10.0.1.10000-26
version = str_replace( string:version, find:"-", replace:"." );
if (version =~ "^10\.5\.1") {
report = report_fixed_ver(installed_version: version, fixed_version: "See vendor advisory");
security_message(port: 0, data: report);
exit(0);
}
if (version =~ "^10\.5\.2") {
report = report_fixed_ver(installed_version: version, fixed_version: "See vendor advisory");
security_message(port: 0, data: report);
exit(0);
}
if (version =~ "^11\.0\.1") {
report = report_fixed_ver(installed_version: version, fixed_version: "See vendor advisory");
security_message(port: 0, data: report);
exit(0);
}
if (version =~ "^11\.5\.1") {
report = report_fixed_ver(installed_version: version, fixed_version: "See vendor advisory");
security_message(port: 0, data: report);
exit(0);
}
exit(99);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
50.4%