CVE-2018-0266

Опубликовано: 19 апр. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.

Ссылки

http://www.securityfocus.com/bid/103933
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040718
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm
Vendor Advisory
http://www.securityfocus.com/bid/103933
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040718
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00309

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

CWE-425

Связанные уязвимости

GHSA-q9h8-j8cr-j8q5