CVE-2015-0680

CWE-200Information ExposureCWE-2644 documents4 sources
Severity
4.0MEDIUM
EPSS
0.2%
top 60.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Callmanager
Timeline
PublishedMar 28
Latest updateMay 17

Description

Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/unified_callmanager9.1\(2.1000.28\)

🔴Vulnerability Details

2
GHSA
GHSA-9wwm-mg8q-ph4g: Cisco Unified Call Manager (CM) 92022-05-17
CVEList
CVE-2015-0680: Cisco Unified Call Manager (CM) 92015-03-28

📋Vendor Advisories

1
Cisco
Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability2015-03-27
CVE-2015-0680 (MEDIUM CVSS 4) | Cisco Unified Call Manager (CM) 9.1 | cvebase.io