CVE-2016-6464 — Sensitive Information Exposure in Cisco Unified Communications Manager

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.4%

top 19.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager IM AND Presence Service

Timeline

PublishedDec 14

Latest updateMay 17

Description

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/unified_communications_manager_im_and_presence_service4 versions+3

▶CVEListV5cisco/cisco_unified_communications_managerCisco Unified Communications Manager

🔴Vulnerability Details

GHSA

GHSA-rc2h-r2hc-7r57: A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, re↗2022-05-17

▶

CVEList

CVE-2016-6464: A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, re↗2016-12-14

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability↗2016-12-07

▶