Executive Summary

Informations
NameCVE-2018-0474First vendor Publication2019-01-10
VendorCveLast vendor Modification2019-02-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Cvss Base Score4Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0474

CWE : Common Weakness Enumeration

%idName
100 %CWE-255Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/106538
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-02-14 21:19:38
  • Multiple Updates
2019-01-14 17:19:25
  • Multiple Updates
2019-01-10 21:18:55
  • First insertion