Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Cisco Unified Communications Manager Multiple Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is running Cisco Unified Communications Manager and is prone to multiple vulnerabilities.
Insight
Insight
The flaws are due to, - Authenticated users of CUCM can access limited functionality via the web interface and Cisco console (SSH on port 22). Because the SSH server is configured to process several environment variables from the client and a vulnerable version of bash is used, it is possible to exploit command injection via specially crafted environment variables. - The application allows users to view the contents of any locally accessible files on the web server through a vulnerability known as LFI (Local File Inclusion). - The pingExecute servlet allows unauthenticated users to execute pings to arbitrary IP addresses. This could be used by an attacker to enumerate the internal network. - Authentication for some methods in the EPAS SOAP interface can be bypassed by using a hardcoded session ID. The methods 'GetUserLoginInfoHandler' and 'GetLoggedinXMPPUserHandler' are affected.
Affected Software
Affected Software
Cisco Unified Communications Manager 9.x < 9.2, 10.x < 10.5.2, 11.x < 11.0.1.
Detection Method
Detection Method
Send a crafted request via HTTP GET and check whether it is able to execute the code
Solution
Solution
Upgrade to CUCM version 9.2, 10.5.2 or 11.0.1 pr later.