cnvd - cnvd-2016-06424

cnvd-2016-06424

Vulnerability from cnvd

Title

Cisco Unified Communications Manager信息泄露漏洞（CNVD-2016-06424）

Description

Cisco Unified Communications Manager（CUCM，Unified CM）是美国思科（Cisco）公司的一款统一通信系统中的呼叫处理组件。该组件提供了一种可扩展、可分布和高可用的企业IP电话呼叫处理解决方案。 Cisco Unified Communications Manager 11.5版本中的User Data Services Application Programming Interface存在信息泄露洞。远程攻击者可利用该漏洞查看保密信息。

Severity

中

Patch Name

Cisco Unified Communications Manager信息泄露漏洞（CNVD-2016-06424）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm

Impacted products

Name
Cisco Unified Communications Manager 11.5

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92517"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6364"
    }
  },
  "description": "Cisco Unified Communications Manager\uff08CUCM\uff0cUnified CM\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7edf\u4e00\u901a\u4fe1\u7cfb\u7edf\u4e2d\u7684\u547c\u53eb\u5904\u7406\u7ec4\u4ef6\u3002\u8be5\u7ec4\u4ef6\u63d0\u4f9b\u4e86\u4e00\u79cd\u53ef\u6269\u5c55\u3001\u53ef\u5206\u5e03\u548c\u9ad8\u53ef\u7528\u7684\u4f01\u4e1aIP\u7535\u8bdd\u547c\u53eb\u5904\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco Unified Communications Manager 11.5\u7248\u672c\u4e2d\u7684User Data Services Application Programming Interface\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u4fdd\u5bc6\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-06424",
  "openTime": "2016-08-19",
  "patchDescription": "Cisco Unified Communications Manager\uff08CUCM\uff0cUnified CM\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7edf\u4e00\u901a\u4fe1\u7cfb\u7edf\u4e2d\u7684\u547c\u53eb\u5904\u7406\u7ec4\u4ef6\u3002\u8be5\u7ec4\u4ef6\u63d0\u4f9b\u4e86\u4e00\u79cd\u53ef\u6269\u5c55\u3001\u53ef\u5206\u5e03\u548c\u9ad8\u53ef\u7528\u7684\u4f01\u4e1aIP\u7535\u8bdd\u547c\u53eb\u5904\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco Unified Communications Manager 11.5\u7248\u672c\u4e2d\u7684User Data Services Application Programming Interface\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u4fdd\u5bc6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unified Communications Manager\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-06424\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Unified Communications Manager 11.5"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm",
  "serverity": "\u4e2d",
  "submitTime": "2016-08-18",
  "title": "Cisco Unified Communications Manager\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-06424\uff09"
}

CVE-2016-6364 (GCVE-0-2016-6364)

Vulnerability from cvelistv5

Published

2016-08-23 01:00

Modified

2024-08-06 01:29

Severity ?

CWE

Summary

The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.

References

URL

Tags

	http://www.securityfocus.com/bid/92517	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1036650	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm	vendor-advisory, x_refsource_CISCO