Описание
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.0\(.1\) (включая)
Одно из
cpe:2.3:a:cisco:unified_communications_domain_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00677
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.
EPSS
Процентиль: 71%
0.00677
Низкий
5 Medium
CVSS2
Дефекты
CWE-264