CVE-2015-4221

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Manager Im And Presence Service
Vendor: CVE Published:; 26 June 2015

Summary

Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/75401

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032716

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 26, 2015
Vulnerability Reserved
Jun 4, 2015