Account Enumeration Flaw in Cisco Unified Communications Manager IM and Presence Service
CVE-2014-8000

Currently unrated

Key Information:

Vendor

Cisco
Status
Unified Communications Manager Im And Presence Service
Vendor
CVE Published:
21 November 2014

What is CVE-2014-8000?

The Cisco Unified Communications Manager IM and Presence Service version 9.1(1) has a security flaw that allows remote attackers to enumerate user accounts. This occurs due to inconsistent responses generated by the service for URL requests based on the existence of a username. By exploiting this vulnerability, attackers can send a sequence of requests to identify valid usernames on the system, leading to potential account compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...
x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://secunia.com/advisories/62558
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.