Wednesday, December 7, 2016

Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted.

The vulnerability is due to a lack of proper input validation performed on the HTTP packet header. An attacker could exploit this vulnerability by sending a crafted packet to the targeted device. An exploit could allow the attacker to view web pages that should have been restricted.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2hgViiw A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted.

The vulnerability is due to a lack of proper input validation performed on the HTTP packet header. An attacker could exploit this vulnerability by sending a crafted packet to the targeted device. An exploit could allow the attacker to view web pages that should have been restricted.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2hgViiw
Security Impact Rating: Medium
CVE: CVE-2016-6464

from Cisco Security Advisory http://ift.tt/2hgViiw
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)