The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Cisco Unified Communications Manager: information disclosure via Prime Collaboration Deployment

Synthesis of the vulnerability

An attacker can use a vulnerability in Prime Collaboration Deployment of Cisco Unified Communications Manager, in order to obtain sensitive information.
Severity of this announce: 2/4.
Creation date: 31/07/2015.
Références of this computer vulnerability: 40223, CSCuv21819, CVE-2015-4295, VIGILANCE-VUL-17551.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, an attacker can use an url to bypass access restrictions to data, and to view system root credentials.

An attacker can therefore use a vulnerability in Prime Collaboration Deployment of Cisco Unified Communications Manager, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

This cybersecurity announce impacts software or systems such as Prime Collaboration Manager, Cisco CUCM.

Our Vigil@nce team determined that the severity of this threat alert is medium.

The trust level is of type confirmed by the editor, with an origin of intranet client.

An attacker with a expert ability can exploit this computer weakness alert.

Solutions for this threat

Cisco Unified Communications Manager: solution CSCuv21819.
The solution CSCuv21819 is available:
  https://tools.cisco.com/bugsearch/bug/CSCuv21819
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability watch. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.