CVE-2017-3836 — Sensitive Information Exposure in Cisco Unified Communications Manager

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 48.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager

Timeline

PublishedFeb 22

Latest updateMay 17

Description

A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/unified_communications_manager11.5\(1.11007.2\)

▶CVEListV5cisco/cisco_unified_communications_managerCisco Unified Communications Manager

🔴Vulnerability Details

GHSA

GHSA-gq9h-cxxr-pjf4: A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data↗2022-05-17

▶

OSV

leptonlib vulnerabilities↗2021-03-15

▶

CVEList

CVE-2017-3836: A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data↗2017-02-22

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Information Disclosure Vulnerability↗2017-02-15

▶