Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Cisco Unified Communications Manager Multiple Vulnerabilities

Information

Severity

Severity

Critical

Family

Family

CISCO

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

7 years ago

Modified

Modified

3 years ago

Summary

The host is running Cisco Unified Communications Manager and is prone to multiple vulnerabilities.

Insight

Insight

The flaws are due to, - Authenticated users of CUCM can access limited functionality via the web interface and Cisco console (SSH on port 22). Because the SSH server is configured to process several environment variables from the client and a vulnerable version of bash is used, it is possible to exploit command injection via specially crafted environment variables. - The application allows users to view the contents of any locally accessible files on the web server through a vulnerability known as LFI (Local File Inclusion). - The pingExecute servlet allows unauthenticated users to execute pings to arbitrary IP addresses. This could be used by an attacker to enumerate the internal network. - Authentication for some methods in the EPAS SOAP interface can be bypassed by using a hardcoded session ID. The methods 'GetUserLoginInfoHandler' and 'GetLoggedinXMPPUserHandler' are affected.

Affected Software

Affected Software

Cisco Unified Communications Manager 9.x < 9.2, 10.x < 10.5.2, 11.x < 11.0.1.

Detection Method

Detection Method

Send a crafted request via HTTP GET and check whether it is able to execute the code

Solution

Solution

Upgrade to CUCM version 9.2, 10.5.2 or 11.0.1 pr later.