Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Products Information Disclosure Vulnerability

cisco-sa-20160208-ucm · Medium · Published · Updated

A vulnerability in the key management feature of multiple Cisco Unified products could allow an unauthenticated, local attacker to read sensitive data. The vulnerability is due to an encryption key that can be read in plain text. An attacker could exploit this vulnerability by determining the key and decrypting certain data sets. An exploit could allow the attacker to read and disclose sensitive data. Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-1319
Cisco Bug IDsCSCuv85926, CSCuv85929, CSCuv85931, CSCuv85949, CSCuv85958, CSCuv85998
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Unity Connection, Cisco Unified Communications Manager, Cisco Unified Contact Center Express, Cisco Unified Communications Manager IM and Presence Service

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2016-1319 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2016-1319 Cisco OpenVuln
Cisco Unity Connection CVE-2016-1319 Cisco OpenVuln
Cisco Unity CVE-2016-1319 Cisco OpenVuln
Cisco Unified Contact Center Express CVE-2016-1319 Cisco OpenVuln
Cisco Unified Contact Center CVE-2016-1319 Cisco OpenVuln
Cisco Unified Communications Manager IM and Presence Service CVE-2016-1319 Cisco OpenVuln
Cisco Unified Communications Manager CVE-2016-1319 Cisco OpenVuln