CVE-2018-0267
Description
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.067
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Unified Communications Manager LDAP Information Disclosure Vulnerability For Cisco Unified Communications Manager (CallManager) | NCM |
| Direct Request (Forced Browsing) Vulnerability (CVE-2018-0267) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234