The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Unified Communications Manager

computer vulnerability announce CVE-2015-7703

NTP.org: file creation via pidfile/driftfile

Synthesis of the vulnerability

An authenticated attacker can force NTP.org to corrupt a file with its privileges.
Impacted products: Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco Unity ~ precise, Debian, Fedora, FreeBSD, Juniper J-Series, JUNOS, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, openSUSE Leap, pfSense, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 25/08/2015.
Identifiers: cisco-sa-20151021-ntp, CVE-2015-5196-REJECT, CVE-2015-7703, DSA-3388-1, FEDORA-2015-14212, FEDORA-2015-77bfbc1bcd, FreeBSD-SA-15:25.ntp, JSA10711, NetBSD-SA2016-001, openSUSE-SU-2015:2016-1, openSUSE-SU-2016:1423-1, RHSA-2016:0780-01, RHSA-2016:2583-02, SSA:2015-302-03, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-2783-1, VIGILANCE-VUL-17747.

Description of the vulnerability

The ntpq command can send configuration directives to the NTP.org server (after authentication). For example:
  ntpq -c ":config pidfile /tmp/ntp.pid"
  ntpq -c ":config driftfile /tmp/ntp.drift"

However, when the server receives this command, it overwrites the requested file.

An authenticated attacker can therefore force NTP.org to corrupt a file with its privileges.

computer vulnerability 17665

Cisco Unified Communications Manager: information disclosure via SOAP

Synthesis of the vulnerability

An attacker can use a vulnerability in SOAP of Cisco Unified Communications Manager, in order to obtain sensitive information.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 13/08/2015.
Identifiers: CSCus88031, VIGILANCE-VUL-17665, VP2015-001.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a SOAP service.

However, an attacker can use a hard-coded session identifier to call the "GetUserLoginInfoHandler" and "GetLoggedinXMPPUserHandler" methods.

An attacker can therefore use a vulnerability in SOAP of Cisco Unified Communications Manager, in order to obtain sensitive information.

vulnerability note 17664

Cisco Unified Communications Manager: ping execution

Synthesis of the vulnerability

An unauthenticated attacker can call pingExecute of Cisco Unified Communications Manager, in order to obtain information about the network.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 13/08/2015.
Identifiers: CSCum05290, VIGILANCE-VUL-17664, VP2015-001.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, an unauthenticated attacker can call the pingExecute page, which is used to ping an IP address.

An unauthenticated attacker can therefore call pingExecute of Cisco Unified Communications Manager, in order to obtain information about the network.

vulnerability alert CVE-2015-4294

Cisco Unified Communications Manager: Cross Site Scripting of IM and Presence Service

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in IM and Presence Service of Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 03/08/2015.
Identifiers: 40217, CSCut41766, CVE-2015-4294, VIGILANCE-VUL-17561.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in IM and Presence Service of Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.

vulnerability alert CVE-2015-4295

Cisco Unified Communications Manager: information disclosure via Prime Collaboration Deployment

Synthesis of the vulnerability

An attacker can use a vulnerability in Prime Collaboration Deployment of Cisco Unified Communications Manager, in order to obtain sensitive information.
Impacted products: Prime Collaboration Manager, Cisco CUCM.
Severity: 2/4.
Creation date: 31/07/2015.
Identifiers: 40223, CSCuv21819, CVE-2015-4295, VIGILANCE-VUL-17551.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, an attacker can use a URL to bypass access restrictions on data and view system root credentials.

An attacker can therefore use a vulnerability in Prime Collaboration Deployment of Cisco Unified Communications Manager, in order to obtain sensitive information.

vulnerability CVE-2015-4272

Cisco Unified Communications Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 15/07/2015.
Identifiers: 39905, CSCut19580, CVE-2015-4272, VIGILANCE-VUL-17410.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.

computer vulnerability note CVE-2015-4269

Cisco Unified Communications Manager: denial of service via Tomcat Throttling

Synthesis of the vulnerability

An attacker can open numerous sessions to Cisco Unified Communications Manager, in order to trigger a denial of service.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 15/07/2015.
Identifiers: 39877, CSCuu99709, CVE-2015-4269, VIGILANCE-VUL-17409.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a Tomcat service.

However, an attacker can use numerous authenticated sessions, in order to overload Tomcat.

An attacker can therefore open numerous sessions to Cisco Unified Communications Manager, in order to trigger a denial of service.

computer vulnerability announce CVE-2015-1793

OpenSSL: X.509 certification chain forgery

Synthesis of the vulnerability

An attacker can force OpenSSL to accept spoofed certificates, in order to listen to encrypted communications or bypass signature-based authentication.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, ASA, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Clearswift Email Gateway, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, hMailServer, HP Switch, HP-UX, IRAD, Juniper J-Series, JUNOS, McAfee Email Gateway, McAfee NGFW, OpenSSL, Oracle Communications, Solaris, Slackware, Splunk Enterprise, stunnel, Synology DSM, Synology DS***, Synology RS***, Nessus, Websense Web Security, X2GoClient.
Severity: 3/4.
Creation date: 09/07/2015.
Identifiers: 1962398, 1963151, BSA-2015-009, bulletinjul2015, c04760669, c05184351, CERTFR-2015-AVI-285, CERTFR-2015-AVI-431, cisco-sa-20150710-openssl, cpuoct2017, CVE-2015-1793, FEDORA-2015-11414, FEDORA-2015-11475, FreeBSD-SA-15:12.openssl, HPSBHF03613, HPSBUX03388, JSA10694, SB10125, SOL16937, SPL-103044, SSA:2015-190-01, SSRT102180, VIGILANCE-VUL-17337.

Description of the vulnerability

A certificate validation begins with the creation of a certificate chain, where each certificate provides the public key used to check the signature of the next certificate.

The creation of this chain may be non-deterministic, especially when some identifying X.509v3 extensions such as "Authority Key Identifier" are not provided. When a candidate chain fails to validate a given certificate, OpenSSL 1.0.1 and 1.0.2 attempt to find another candidate chain. However, during these attempts, some required checks on the chain are no longer performed. As a consequence, an attacker can make OpenSSL use the attacker's own certificate as a CA certificate, even if it includes the "basicConstraints" extension stating "CA: no". The attacker can then create certificates for any name.

This vulnerability impacts clients checking a server certificate, and TLS servers checking a client certificate.

An attacker can therefore force OpenSSL to accept spoofed certificates, in order to listen to encrypted communications or bypass signature-based authentication.

computer vulnerability CVE-2015-4196

Cisco Unified Communications Domain Manager: well known password for privileged account

Synthesis of the vulnerability

An attacker can use a well-known password for Cisco Unified Communications Domain Manager, in order to get root privileges.
Impacted products: Cisco CUCM.
Severity: 4/4.
Creation date: 02/07/2015.
Identifiers: CERTFR-2015-AVI-278, cisco-sa-20150701-cucdm, CVE-2015-4196, VIGILANCE-VUL-17295.

Description of the vulnerability

The Cisco Unified Communications Domain Manager product offers an SSH service.

A privileged account is reachable via SSH, and the associated password is identical for all product instances. Moreover, this account provides administration privileges. (The Cisco announcement does not say whether the privileged account is the root account itself or, for instance, an intermediate account that may use "sudo" without restrictions.) Finally, this password cannot be changed without breaking some functions. An attacker can therefore access all deployed products.

An attacker can therefore use a well-known password for Cisco Unified Communications Domain Manager, in order to get root privileges.

computer vulnerability announce CVE-2015-4229

Cisco Unified Communications Domain Manager: unauthorized access to the "bvsmweb" directory

Synthesis of the vulnerability

An attacker can view the content of the "bvsmweb" directory in Cisco Unified Communications Domain Manager, in order to obtain potentially sensitive information.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 30/06/2015.
Identifiers: 39557, CVE-2015-4229, VIGILANCE-VUL-17267.

Description of the vulnerability

The Cisco Unified Communications Domain Manager product offers a web service.

Access to the "bvsmweb" directory in this interface should be restricted. However, some access checks are missing and the directory content may be retrieved by any client.

An attacker can therefore view the content of the "bvsmweb" directory in Cisco Unified Communications Domain Manager, in order to obtain potentially sensitive information.