CVE-2011-4232 — Sensitive Information Exposure in Cisco Unified Meetingplace

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 54.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Meetingplace

Timeline

PublishedMay 3

Latest updateMay 17

Description

The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/unified_meetingplace6.1, 8.5+1

🔴Vulnerability Details

GHSA

GHSA-hqm4-73mw-3x29: The web server in Cisco Unified MeetingPlace 6↗2022-05-17

▶

CVEList

CVE-2011-4232: The web server in Cisco Unified MeetingPlace 6↗2012-05-03

▶

📋Vendor Advisories

Cisco

Cisco Unified MeetingPlace Directory Enumeration Information Disclosure Vulnerability↗2012-05-11

▶