CVE-2013-4869Insufficiently Protected Credentials in Cisco Unified Communications Manager

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
0.0N/ANVD
EPSS
0.1%
top 65.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedJul 18
Latest updateMay 13

Description

Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is cons

CVSS vector

AV:N/AC:L/C:N/I:N/A:NExploitability: 10.0 | Impact: 0.0

Affected Packages1 packages

NVDcisco/unified_communications_manager7.1\(1\)9.1\(2\)

🔴Vulnerability Details

2
GHSA
GHSA-563c-77qf-c6mg: Cisco Unified Communications Manager (CUCM) 72022-05-13
CVEList
CVE-2013-4869: Cisco Unified Communications Manager (CUCM) 72013-07-18
CVE-2013-4869 — Insufficiently Protected Credentials | cvebase