Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability (CSCur63497)

medium Nessus Plugin ID 80460

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

According to its self-reported version, the Cisco Unified Communications Manager IM and Presence Server installed on the remote host is affected by a user enumeration vulnerability due to improper sanitization of returned messages. An attacker can exploit this vulnerability by sending a series of specially crafted URL requests to obtain information regarding valid user accounts.

Solution

Upgrade to Cisco Unified Presence Server 9.1(1.61900.7) or later.

See Also

https://tools.cisco.com/security/center/viewAlert.x?alertId=36467

http://www.nessus.org/u?011ba5a3

Plugin Details

Severity: Medium

ID: 80460

File Name: cisco-sn-CVE-2014-8000-cups.nasl

Version: 1.5

Type: local

Family: CISCO

Published: 1/12/2015

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:cisco:unified_communications_manager_im_and_presence_service, cpe:/a:cisco:unified_communications_manager, cpe:/a:cisco:unified_presence_server

Required KB Items: Host/UCOS/Cisco Unified Presence/version

Exploit Ease: No known exploits are available

Patch Publication Date: 11/19/2014

Vulnerability Publication Date: 11/19/2014

Reference Information

CVE: CVE-2014-8000

BID: 71173

CISCO-BUG-ID: CSCur63497