CVE-2015-6352

CWE-200 — Information Exposure4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 48.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Hosted Collaboration Solution Cisco Unified Communications Domain Manager

Timeline

PublishedOct 30

Latest updateMay 17

Description

Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDcisco/unified_communications_domain_manager10.6_base

▶NVDcisco/hosted_collaboration_solution10.6_base

🔴Vulnerability Details

GHSA

GHSA-g6vr-9cmw-9pwh: Cisco Unified Communications Domain Manager before 10↗2022-05-17

▶

CVEList

CVE-2015-6352: Cisco Unified Communications Domain Manager before 10↗2015-10-30

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Domain Manager URI Enumeration Vulnerability↗2015-10-28

▶