ID

VAR-202009-1551


CVE

CVE-2019-15963


TITLE

Cisco Unified Communications Manager Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-016038

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks. Cisco Unified Communications Manager contains an information disclosure vulnerability. Information may be obtained. This vulnerability stems from configuration errors in network systems or products during operation.

Trust: 1.71

sources: NVD: CVE-2019-15963 // JVNDB: JVNDB-2019-016038 // VULHUB: VHN-148062

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: lte, version: 10.5\(2.10000.5\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: gte, version: 10.5

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: gte, version: 12.5

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: gte, version: 11.5

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lte, version: 12.0\(1.10000.10\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lte, version: 11.5\(1.10000.6\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lte, version: 12.5\(1.10000.22\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: gte, version: 12.0

Trust: 1.0

vendor: シスコシステムズ, model: cisco unified communications manager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016038 // NVD: CVE-2019-15963

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15963
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15963
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15963
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-1394
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148062
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15963
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148062
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15963
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15963
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-15963
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148062 // JVNDB: JVNDB-2019-016038 // CNNVD: CNNVD-202001-1394 // NVD: CVE-2019-15963 // NVD: CVE-2019-15963

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-148062 // JVNDB: JVNDB-2019-016038 // NVD: CVE-2019-15963

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1394

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202001-1394

PATCH

title: cisco-sa-20200122-cuc-info-disclosure
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-cuc-info-disclosure

Trust: 0.8

title: Cisco Unified Communications Manager Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107737

Trust: 0.6

sources: JVNDB: JVNDB-2019-016038 // CNNVD: CNNVD-202001-1394

EXTERNAL IDS

db: NVD, id: CVE-2019-15963

Trust: 2.5

db: JVNDB, id: JVNDB-2019-016038

Trust: 0.8

db: CNNVD, id: CNNVD-202001-1394

Trust: 0.7

db: AUSCERT, id: ESB-2020.0254

Trust: 0.6

db: VULHUB, id: VHN-148062

Trust: 0.1

sources: VULHUB: VHN-148062 // JVNDB: JVNDB-2019-016038 // CNNVD: CNNVD-202001-1394 // NVD: CVE-2019-15963

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200122-cuc-info-disclosure

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-15963

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucm-csrf-nbhztxl

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0254/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-information-disclosure-via-web-based-management-interface-31399

Trust: 0.6

sources: VULHUB: VHN-148062 // JVNDB: JVNDB-2019-016038 // CNNVD: CNNVD-202001-1394 // NVD: CVE-2019-15963

SOURCES

db: VULHUB, id: VHN-148062
db: JVNDB, id: JVNDB-2019-016038
db: CNNVD, id: CNNVD-202001-1394
db: NVD, id: CVE-2019-15963

LAST UPDATE DATE

2024-08-14T15:07:03.659000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148062, date: 2020-10-06T00:00:00
db: JVNDB, id: JVNDB-2019-016038, date: 2021-04-15T09:09:00
db: CNNVD, id: CNNVD-202001-1394, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2019-15963, date: 2021-10-29T17:03:10.437

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148062, date: 2020-09-23T00:00:00
db: JVNDB, id: JVNDB-2019-016038, date: 2021-04-15T00:00:00
db: CNNVD, id: CNNVD-202001-1394, date: 2020-01-22T00:00:00
db: NVD, id: CVE-2019-15963, date: 2020-09-23T01:15:12.957