Executive Summary

Summary
Title Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server
Informations
Name cisco-sa-20110824-cucm-cups First vendor Publication 2011-05-20
Vendor Cisco Last vendor Modification 2011-08-24
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions.

Cisco has released free updated software for most supported releases. A security patch file is also available for all supported versions that will remediate this issue. The patch may be applied to active systems without requiring a reload. Customers are advised to apply a fixed version or upgrade to a fixed train. Customers who need to stay on a version for which updated software is not currently available or who can not immediately apply the update are advised to apply the patch.

No workarounds are available for this issue.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8 (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 48
Application 21

Open Source Vulnerability Database (OSVDB)

Id Description
74779 Cisco Multiple Products Open Query Interface Remote Information Disclosure