CVE-2018-0266

CVE Database · CVE-2018-0266

CVE-2018-0266

· MEDIUMModified

CVSS v3.1

4.3

EPSS

1.78%

Published

Apr 19, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-425

Affected Products (4)

cisco · unified_communications_managervulnerable

References (6)

http://www.securityfocus.com/bid/103933

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040718

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm