ID

VAR-201612-0158


CVE

CVE-2016-6464


TITLE

Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 94802 // CNNVD: CNNVD-201612-229

DESCRIPTION

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2), 12.0(0.98000.181). An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCva49629.

Trust: 1.98

sources: NVD: CVE-2016-6464 // JVNDB: JVNDB-2016-006279 // BID: 94802 // VULHUB: VHN-95284

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager im and presence service, scope: eq, version: 10.5(1)

Trust: 1.6

vendor: cisco, model: unified communications manager im and presence service, scope: eq, version: 11.5(1)

Trust: 1.6

vendor: cisco, model: unified communications manager im and presence service, scope: eq, version: 11.0(1)

Trust: 1.6

vendor: cisco, model: unified communications manager im and presence service, scope: eq, version: 10.5(2)

Trust: 1.6

vendor: cisco, model: unified communications manager im and presence service, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager im and presence service, scope: eq, version: 0

Trust: 0.3

sources: BID: 94802 // JVNDB: JVNDB-2016-006279 // CNNVD: CNNVD-201612-229 // NVD: CVE-2016-6464

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6464
value: HIGH

Trust: 1.0

NVD: CVE-2016-6464
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201612-229
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95284
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6464
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95284
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6464
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95284 // JVNDB: JVNDB-2016-006279 // CNNVD: CNNVD-201612-229 // NVD: CVE-2016-6464

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-95284 // JVNDB: JVNDB-2016-006279 // NVD: CVE-2016-6464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-229

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201612-229

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2016-006279

PATCH

title: cisco-sa-20161207-ucm
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm

Trust: 0.8

title: Cisco Unified Communications Manager IM and Presence Service Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66266

Trust: 0.6

sources: JVNDB: JVNDB-2016-006279 // CNNVD: CNNVD-201612-229

EXTERNAL IDS

db: NVD, id: CVE-2016-6464

Trust: 2.8

db: BID, id: 94802

Trust: 1.4

db: SECTRACK, id: 1037412

Trust: 1.1

db: JVNDB, id: JVNDB-2016-006279

Trust: 0.8

db: CNNVD, id: CNNVD-201612-229

Trust: 0.7

db: VULHUB, id: VHN-95284

Trust: 0.1

sources: VULHUB: VHN-95284 // BID: 94802 // JVNDB: JVNDB-2016-006279 // CNNVD: CNNVD-201612-229 // NVD: CVE-2016-6464

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-ucm

Trust: 2.0

url: http://www.securityfocus.com/bid/94802

Trust: 1.1

url: http://www.securitytracker.com/id/1037412

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6464

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6464

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-95284 // BID: 94802 // JVNDB: JVNDB-2016-006279 // CNNVD: CNNVD-201612-229 // NVD: CVE-2016-6464

CREDITS

Cisco

Trust: 0.3

sources: BID: 94802

SOURCES

db: VULHUB, id: VHN-95284
db: BID, id: 94802
db: JVNDB, id: JVNDB-2016-006279
db: CNNVD, id: CNNVD-201612-229
db: NVD, id: CVE-2016-6464

LAST UPDATE DATE

2024-11-23T21:42:20.776000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95284, date: 2017-01-05T00:00:00
db: BID, id: 94802, date: 2016-12-20T01:08:00
db: JVNDB, id: JVNDB-2016-006279, date: 2016-12-19T00:00:00
db: CNNVD, id: CNNVD-201612-229, date: 2016-12-12T00:00:00
db: NVD, id: CVE-2016-6464, date: 2024-11-21T02:56:11.030

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95284, date: 2016-12-14T00:00:00
db: BID, id: 94802, date: 2016-12-07T00:00:00
db: JVNDB, id: JVNDB-2016-006279, date: 2016-12-19T00:00:00
db: CNNVD, id: CNNVD-201612-229, date: 2016-12-09T00:00:00
db: NVD, id: CVE-2016-6464, date: 2016-12-14T00:59:03.203