CVE-2018-0267

CVE Database · CVE-2018-0267

CVE-2018-0267

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.36%

Published

Apr 19, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-425

Affected Products (4)

cisco · unified_communications_managervulnerable

References (6)

http://www.securityfocus.com/bid/103937

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040719

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1