CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0725
https://notcve.org/view.php?id=CVE-2014-0725
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. Cisco Unified Communications Manager (UCM) no requiere autenticación para la lectura de archivos WAR, lo que permite a atacantes remotos obtener información sensible a través del acceso no especificado a "file storage location," también conocido como Bug ID CSCum05337. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725 • CWE-287: Improper Authentication •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0686
https://notcve.org/view.php?id=CVE-2014-0686
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. Cisco Unified Communications Manager (también conocido como Unified CM) 9.1 (2.10000.28) y anteriores permite a usuarios locales obtener privilegios mediante el aprovechamiento de los permisos de fichero no correctos, también conocido como Bug IDs CSCul24917 y CSCul24908. • http://osvdb.org/102750 http://secunia.com/advisories/56818 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686 http://tools.cisco.com/security/center/viewAlert.x?alertId=32683 http://www.securityfocus.com/bid/65281 https://exchange.xforce.ibmcloud.com/vulnerabilities/90852 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 113EXPL: 0CVE-2014-0657
https://notcve.org/view.php?id=CVE-2014-0657
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. El portal de administración en Cisco Unified Communications Manager (Unified CM) 9.1 (1) y anteriores no maneja apropiadamente las restricciones por rol, lo que permite a usuarios remotos autenticados sortear el control de acceso basado en rol a través de múltiples visitas a la URL "forbidden portal", tambien conocido como Bug ID CSCuj83540. • http://osvdb.org/101800 http://secunia.com/advisories/56368 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657 http://tools.cisco.com/security/center/viewAlert.x?alertId=32341 http://www.securityfocus.com/bid/64690 http://www.securitytracker.com/id/1029571 https://exchange.xforce.ibmcloud.com/vulnerabilities/90120 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 113EXPL: 0CVE-2013-6978
https://notcve.org/view.php?id=CVE-2013-6978
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. El componente disaster recovery system (DRS) en CIsco Unified Communications Manager (UCM) 9.1 (1) y anteriores permite usuarios remotos autenticados obtener información sensible dle dispositivo leyendo "extraneous information" en el código fuente HTML, tambien conocido como Bug ID CSCuj39249. • http://osvdb.org/101162 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978 http://tools.cisco.com/security/center/viewAlert.x?alertId=32219 http://www.securityfocus.com/bid/64421 http://www.securitytracker.com/id/1029520 https://exchange.xforce.ibmcloud.com/vulnerabilities/89834 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 56%CPEs: 1EXPL: 2CVE-2013-7030 – Cisco Unified Communications Manager - TFTP Service
https://notcve.org/view.php?id=CVE-2013-7030
The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue EN DISPUTA ** ** El servicio TFTP en Cisco Unified Communications Manager (también conocido como CUCM o Unified CM) permite a atacantes remotos obtener información sensible de un teléfono a través de una operación RRQ, como lo demuestra el descubrimiento de un campo UseUserCredential texto plano en un fichero SPDefault.cnf.xml . NOTA: el vendedor , discute la importancia de este informe, afirmando que se trata de un comportamiento predeterminado se esperaba, y que en la documentación del producto se describe el uso de la opción TFTP cifrados Config para tratar este asunto. • https://www.exploit-db.com/exploits/30237 http://osvdb.org/100916 http://www.exploit-db.com/exploits/30237 https://exchange.xforce.ibmcloud.com/vulnerabilities/89649 • CWE-310: Cryptographic Issues •