Access Control Vulnerability in Cisco Unified Communications Manager IM and Presence Service
CVE-2015-4221

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Manager Im And Presence Service
Vendor: CVE Published:; 26 June 2015

Summary

Cisco Unified Communications Manager IM and Presence Service 9.1(1) contains a vulnerability that fails to adequately restrict access to encrypted passwords. This oversight allows remote attackers to exploit this weakness by navigating to a specific web page to perform a decryption attack on the stored credentials. Successful exploitation may enable the attacker to retrieve cleartext passwords and execute arbitrary commands on the system, posing significant security risks.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/75401

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032716

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 26, 2015
Vulnerability Reserved
Jun 4, 2015