Executive Summary
Summary | |
---|---|
Title | Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server |
Informations | |||
---|---|---|---|
Name | cisco-sa-20110824-cucm-cups | First vendor Publication | 2011-05-20 |
Vendor | Cisco | Last vendor Modification | 2011-08-24 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions. Cisco has released free updated software for most supported releases. A security patch file is also available for all supported versions that will remediate this issue. The patch may be applied to active systems without requiring a reload. Customers are advised to apply a fixed version or upgrade to a fixed train. Customers who need to stay on a version for which updated software is not currently available or who can not immediately apply the update are advised to apply the patch. No workarounds are available for this issue. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74779 | Cisco Multiple Products Open Query Interface Remote Information Disclosure |