cisco-sa-20161207-ucm

Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability

cisco-sa-20161207-ucm · Medium · Published 9 years ago · Updated 9 years ago

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. The vulnerability is due to a lack of proper input validation performed on the HTTP packet header. An attacker could exploit this vulnerability by sending a crafted packet to the targeted device. An exploit could allow the attacker to view web pages that should have been restricted. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2016-6464
Cisco Bug IDs	CSCva49629
CVSS Score	Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source	Cisco Unified Communications Manager IM and Presence Service

Related Products

Product	CVE	Evidence
Cisco Unified Communications Manager	CVE-2016-6464	Cisco OpenVuln
Cisco Unified Communications Manager IM and Presence Service	CVE-2016-6464	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability

Workarounds

Related Products