CVE-2018-0266
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.
Una vulnerabilidad en el framework web de Cisco Unified Communications Manager podría permitir que un atacante remoto autenticado visualice datos sensibles. Esta vulnerabilidad se debe a una protección de tablas de bases de datos insuficiente en la interfaz web. Un atacante podría explotar esta vulnerabilidad navegando hasta una URL específica. Su explotación podría permitir que el atacante vea parámetros de configuración. Cisco Bug IDs: CSCvf20218.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-27 CVE Reserved
- 2018-04-19 CVE Published
- 2023-09-10 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-425: Direct Request ('Forced Browsing')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/103933 | Third Party Advisory | |
http://www.securitytracker.com/id/1040718 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm | 2020-09-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 10.5\(2.10000.5\) Search vendor "Cisco" for product "Unified Communications Manager" and version "10.5\(2.10000.5\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 11.0\(1.10000.10\) Search vendor "Cisco" for product "Unified Communications Manager" and version "11.0\(1.10000.10\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 11.5\(1.10000.6\) Search vendor "Cisco" for product "Unified Communications Manager" and version "11.5\(1.10000.6\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 12.0\(1.10000.10\) Search vendor "Cisco" for product "Unified Communications Manager" and version "12.0\(1.10000.10\)" | - |
Affected
|