You are here

T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents

August 26, 2011 - 3:45pm

Addthis

PROBLEM:

A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents

PLATFORM:

Cisco Unified Communications Manager 6.x, 7.x, 8.0, 8.5

ABSTRACT:

A remote user can obtain database contents, including authentication credentials.

reference LINKS:

SecurityTracker Alert ID: 1025971
Cisco Document ID: 113190

IMPACT ASSESSMENT:

High

Discussion:

A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents. A remote user can access an open query interface on TCP port 443 or 8443 to obtain contents of the underlying databases on the target system. This may include authentication credentials, configuration details, and other sensitive information. Cisco has assigned Cisco Bug IDs CSCti81574, CSCto63060, and CSCto72183 to this vulnerability.

Impact:

A remote user can obtain database contents, including authentication credentials.

Solution:

The vendor has issued a fix. Applied Mitigation Bulletin

Addthis