Описание
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
Ссылки
- Third Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Permissions Required
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Permissions Required
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 4.2 (включая) до 4.2\(3\)sr4 (исключая)Версия от 4.3 (включая) до 4.3\(2\)sr1 (исключая)Версия от 5.0 (включая) до 5.1\(3c\) (исключая)Версия от 6.0 (включая) до 6.1\(2\) (исключая)
Одно из
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00638
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
EPSS
Процентиль: 70%
0.00638
Низкий
5 Medium
CVSS2
Дефекты
CWE-264