csaf_certbund - wid-sec-w-2024-3356

wid-sec-w-2024-3356

Vulnerability from csaf_certbund

Published

2024-11-06 23:00

Modified

2024-11-06 23:00

Summary

Cisco Unified Communications Manager IM & Presence Service und Unified Communications Manager (CUCM): Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Cisco Unified Communications Manager (CUCM) (ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen. Der Cisco Unified Communications Manager (CUCM, ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Cisco Unified Communications Manager IM & Presence Service und Cisco Unified Communications Manager (CUCM) ausnutzen, um Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen.

Betroffene Betriebssysteme

- CISCO Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Cisco Unified Communications Manager (CUCM) (ehemals CallManager) dient zur Gespr\u00e4chsvermittlung in IP-Telefonie-Netzen.\r\nDer Cisco Unified Communications Manager (CUCM, ehemals CallManager) dient zur Gespr\u00e4chsvermittlung in IP-Telefonie-Netzen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Cisco Unified Communications Manager IM \u0026 Presence Service und Cisco Unified Communications Manager (CUCM) ausnutzen, um Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- CISCO Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3356 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3356.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3356 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3356"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory  vom 2024-11-06",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n?amp%3B_Presence_Service_Information_Disclosure_Vulnerability%26vs_k=1"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory  vom 2024-11-06",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW"
      }
    ],
    "source_lang": "en-US",
    "title": "Cisco Unified Communications Manager IM \u0026 Presence Service und Unified Communications Manager (CUCM): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-06T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-07T09:33:31.452+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3356",
      "initial_release_date": "2024-11-06T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-06T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c14SU5 (2025)",
                "product": {
                  "name": "Cisco Unified Communications Manager (CUCM) \u003c14SU5 (2025)",
                  "product_id": "T038817"
                }
              },
              {
                "category": "product_version",
                "name": "14SU5 (2025)",
                "product": {
                  "name": "Cisco Unified Communications Manager (CUCM) 14SU5 (2025)",
                  "product_id": "T038817-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_communications_manager:14su5_%25282025%2529"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15SU2",
                "product": {
                  "name": "Cisco Unified Communications Manager (CUCM) \u003c15SU2",
                  "product_id": "T038818"
                }
              },
              {
                "category": "product_version",
                "name": "15SU2",
                "product": {
                  "name": "Cisco Unified Communications Manager (CUCM) 15SU2",
                  "product_id": "T038818-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_communications_manager:15su2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Unified Communications Manager (CUCM)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.5(1)SU9",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service \u003c12.5(1)SU9",
                  "product_id": "T038814"
                }
              },
              {
                "category": "product_version",
                "name": "12.5(1)SU9",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service 12.5(1)SU9",
                  "product_id": "T038814-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:12.5%25281%2529su9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c14SU5 (2025)",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service \u003c14SU5 (2025)",
                  "product_id": "T038815"
                }
              },
              {
                "category": "product_version",
                "name": "14SU5 (2025)",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service 14SU5 (2025)",
                  "product_id": "T038815-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:14su5_%25282025%2529"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15SU2",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service \u003c15SU2",
                  "product_id": "T038816"
                }
              },
              {
                "category": "product_version",
                "name": "15SU2",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service 15SU2",
                  "product_id": "T038816-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:15su2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Unified Communications Manager IM \u0026 Presence Service"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-20457",
      "notes": [
        {
          "category": "description",
          "text": "In Cisco Unified Communications Manager IM \u0026 Presence Service besteht eine Schwachstelle. Dieser Fehler existiert in der Protokollierungskomponente wegen der Speicherung von unverschl\u00fcsselten Anmeldeinformationen in bestimmten Protokollen. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038816",
          "T038815",
          "T038814"
        ]
      },
      "release_date": "2024-11-06T23:00:00.000+00:00",
      "title": "CVE-2024-20457"
    },
    {
      "cve": "CVE-2024-20511",
      "notes": [
        {
          "category": "description",
          "text": "In Cisco Unified Communications Manager (CUCM) existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in der webbasierten Verwaltungsoberfl\u00e4che nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038817",
          "T038818"
        ]
      },
      "release_date": "2024-11-06T23:00:00.000+00:00",
      "title": "CVE-2024-20511"
    }
  ]
}

cve-2024-20511

Vulnerability from cvelistv5

Published

2024-11-06 16:29

Modified

2024-11-06 17:04

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW

Impacted products

Vendor

Product

Version

▼

Cisco

Cisco Unified Communications Manager

Version: 12.5(1)SU2
Version: 12.0(1)SU2
Version: 12.0(1)SU3
Version: 12.5(1)SU1
Version: 12.5(1)
Version: 12.0(1)SU1
Version: 12.5(1)SU3
Version: 12.0(1)SU4
Version: 12.5(1)SU4
Version: 14
Version: 12.0(1)SU5
Version: 12.5(1)SU5
Version: 14SU1
Version: 12.5(1)SU6
Version: 14SU2
Version: 12.5(1)SU7
Version: 12.5(1)SU7a
Version: 14SU3
Version: 12.5(1)SU8
Version: 12.5(1)SU8a
Version: 15
Version: 15SU1
Version: 14SU4
Version: 14SU4a
Version: 15SU1a
Version: 12.5(1)SU9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20511",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T17:04:44.682281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T17:04:51.825Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU5"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7a"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8a"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "14SU4a"
            },
            {
              "status": "affected",
              "version": "15SU1a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T16:29:54.298Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cucm-xss-SVCkMMW",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cucm-xss-SVCkMMW",
        "defects": [
          "CSCwk99263"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20511",
    "datePublished": "2024-11-06T16:29:54.298Z",
    "dateReserved": "2023-11-08T15:08:07.688Z",
    "dateUpdated": "2024-11-06T17:04:51.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20457

Vulnerability from cvelistv5

Published

2024-11-06 16:29

Modified

2024-11-06 17:06

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n

Impacted products

Vendor

Product

Version

▼

Cisco

Cisco Unified Communications Manager IM and Presence Service

Version: 11.5(1)SU6
Version: 10.5(1)SU1
Version: 10.5(1)SU2
Version: 12.5(1)
Version: 10.5(2)SU2a
Version: 11.5(1)SU3a
Version: 10.0(1)SU2
Version: 10.5(2)SU2
Version: 11.0
Version: 10.5(2)SU3
Version: 10.5(1)SU3
Version: 11.5(1)SU1
Version: 11.0(1)
Version: 10.5(2)SU4
Version: 11.0(1)SU1
Version: 11.5(1)SU2
Version: 11.5(1)SU5
Version: 10.0(1)SU1
Version: 11.5(1)SU3
Version: 10.5(2)SU4a
Version: 10.5(2)
Version: 11.5(1)SU5a
Version: 11.5(1)SU4
Version: 12.5(1)SU1
Version: 10.0(1)
Version: 10.5(2b)
Version: 10.5(2)SU1
Version: 10.5(1)
Version: 10.5(2a)
Version: 11.5(1)
Version: 12.5(1)SU2
Version: 11.5(1)SU7
Version: 11.5(1)SU8
Version: 12.5(1)SU3
Version: 11.5(1)SU9
Version: 12.5(1)SU4
Version: 14
Version: 11.5(1)SU10
Version: 12.5(1)SU5
Version: 14SU1
Version: 12.5(1)SU6
Version: 11.5(1)SU11
Version: 14SU2
Version: 14SU2a
Version: 12.5(1)SU7
Version: 14SU3
Version: 12.5(1)SU8
Version: 15
Version: 15SU1
Version: 14SU4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T17:06:29.143075Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T17:06:37.800Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager IM and Presence Service",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2a"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3a"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2"
            },
            {
              "status": "affected",
              "version": "11.0"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU3"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4a"
            },
            {
              "status": "affected",
              "version": "10.5(2)"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU5a"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.0(1)"
            },
            {
              "status": "affected",
              "version": "10.5(2b)"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "10.5(2a)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU9"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU10"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU11"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "14SU2a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T16:29:12.887Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-imp-inf-disc-cUPKuA5n",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n"
        }
      ],
      "source": {
        "advisory": "cisco-sa-imp-inf-disc-cUPKuA5n",
        "defects": [
          "CSCwk31853"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Communications Manager IM \u0026 Presence Service Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20457",
    "datePublished": "2024-11-06T16:29:12.887Z",
    "dateReserved": "2023-11-08T15:08:07.679Z",
    "dateUpdated": "2024-11-06T17:06:37.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2024-3356

Vulnerability from csaf_certbund

cve-2024-20511

Vulnerability from cvelistv5

cve-2024-20457

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature