Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Communications Domain Manager URI Enumeration Vulnerability

cisco-sa-20151027-ucd · Medium · Published · Updated

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to map a file system structure. The vulnerability is due to different handling of existent and nonexistent paths. An attacker could exploit this vulnerability by enumerating all possible URIs and gathering the answers that the server gives to those paths. A successful exploit could allow the attacker to determine the file system structure and which URIs are valid resources. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-ucd

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that mitigate this vulnerability.

CVEsCVE-2015-6352
Cisco Bug IDsCSCut67891
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C
Product Names From Source
Cisco Hosted Collaboration Solution, Cisco Unified Communications Domain Manager

Related Products

Product CVE Evidence
Cisco Hosted Collaboration Solution CVE-2015-6352 Cisco OpenVuln
Cisco Unified Communications Domain Manager CVE-2015-6352 Cisco OpenVuln