9
CVE-2009-0632
- EPSS 1.31%
- Published 12.03.2009 15:20:49
- Last modified 09.04.2025 00:30:58
- Source psirt@cisco.com
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.
Data provided by the National Vulnerability Database (NVD)
Cisco ≫ Unified Communications Manager Version 4.1
Cisco ≫ Unified Communications Manager Version 4.2
Cisco ≫ Unified Communications Manager Version 4.3
Cisco ≫ Unified Communications Manager Version 5.0
Cisco ≫ Unified Communications Manager Version 6.0
Cisco ≫ Unified Communications Manager Version 6.1
Cisco ≫ Unified Communications Manager Version 7.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.31% | 0.789 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9 | 8 | 10 | AV:N/AC:L/Au:S/C:C/I:C/A:C |