Home

CVE-2016-1319

Description

Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.162

Associated Vulnerability

VulnerabilityOS Platform
Cisco Unified Products Information Disclosure Vulnerability For Cisco Unified Contact Center ExpressNCM
Cisco Unified Products Information Disclosure Vulnerability For Cisco Unity ConnectionNCM
Cisco Unified Products Information Disclosure Vulnerability For Cisco Unified Communications Manager (CallManager)NCM
Cisco Unified Products Information Disclosure Vulnerability For Cisco Unified Communications Manager IM & Presence ServiceNCM
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1319)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706052Security Update for Cisco Unified Contact Center Express 11.6(1)
PATCH-1706048Security Update for Cisco Unity Connection 12.0(0.97000.184)
PATCH-1706016Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25)
PATCH-1706022Security Update for Cisco Unified Communications Manager IM & Presence Service CUP.11.5(1.12900.25)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234