CVE-2018-0474 — Sensitive Information Exposure in Cisco Unified Communications Manager

CWE-200 — Sensitive Information Exposure CWE-522 — Insufficiently Protected Credentials4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 59.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager

Timeline

PublishedJan 10

Latest updateMay 13

Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/unified_communications_manager10.5\(2.14076.1\)

▶CVEListV5cisco/cisco_unified_communications_managern/a

🔴Vulnerability Details

GHSA

GHSA-rf5j-69h6-8rvq: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view di↗2022-05-13

▶

CVEList

Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability↗2019-01-10

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability↗2019-01-09

▶