CVE-2011-1643

CWE-200 — Information Exposure3 documents3 sources

Severity

10.0CRITICAL

EPSS

1.2%

top 21.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Presence Server

Timeline

PublishedAug 29

Latest updateMay 17

Description

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDcisco/unified_presence_server21 versions+20

▶NVDcisco/unified_communications_manager48 versions+47

🔴Vulnerability Details

GHSA

GHSA-cpx8-r248-xrj3: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6↗2022-05-17

▶

CVEList

CVE-2011-1643: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6↗2011-08-29

▶