CVE-2018-0105

CVE Database · CVE-2018-0105

CVE-2018-0105

· MEDIUMModified

CVSS v3.1

5.3

EPSS

1.75%

Published

Jan 18, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-425

Affected Products (1)

cisco · unified_communications_managervulnerable

References (6)

http://www.securityfocus.com/bid/102725

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040245

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm