CVE-2019-1837 — Improper Validation of Array Index in Cisco Unified Communications Manager

CWE-129 — Improper Validation of Array Index CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.3%

top 47.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager

Timeline

PublishedApr 18

Latest updateMay 13

Description

A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB servi…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/unified_communications_manager4 versions+3

▶CVEListV5cisco/cisco_unified_communications_manager4 versions+3

🔴Vulnerability Details

GHSA

GHSA-gqfv-p773-g6r7: A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attack↗2022-05-13

▶

CVEList

Cisco Unified Communications Manager Denial of Service Vulnerability↗2019-04-18

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Denial of Service Vulnerability↗2019-04-17

▶