VAR-201602-0057
Vulnerability from variot - Updated: 2023-12-18 12:06Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. plural Cisco The product stores a plaintext encryption key, so there is a vulnerability that allows important information to be obtained. Vendors have confirmed this vulnerability Bug ID CSCuv85958 It is released as.Local users may get important information. Cisco Unified Communications Manager (also known as CallManager) and others are products of Cisco (Cisco). CallManager is a call processing component in a unified communication system. A local attacker could exploit this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(2.10000.5)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(2.12901.1)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1.10000.10)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1(2.10000.28)"
},
{
"model": "unified communications manager im and presence service",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(2)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1)"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(2)"
},
{
"model": "unified communications manager im and presence service",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(2\\\\\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.1\\\\\\(2.10000.28\\\\\\)"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(2\\\\\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(2.10000.5\\\\\\)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0\\\\\\(1\\\\\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0\\\\\\(1.10000.10\\\\\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(2.12901.1\\\\\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\\\(2\\\\\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\\\(1\\\\\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\\\\\(2.10000.28\\\\\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\\\(2.10000.5\\\\\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\\\\\(2.12901.1\\\\\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\\\\\(1.10000.10\\\\\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:10.5\\\\\\(2\\\\\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"cve": "CVE-2016-1319",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-1319",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90138",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1319",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90138",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM \u0026 Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. plural Cisco The product stores a plaintext encryption key, so there is a vulnerability that allows important information to be obtained. Vendors have confirmed this vulnerability Bug ID CSCuv85958 It is released as.Local users may get important information. Cisco Unified Communications Manager (also known as CallManager) and others are products of Cisco (Cisco). CallManager is a call processing component in a unified communication system. A local attacker could exploit this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1319"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "VULHUB",
"id": "VHN-90138"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1319",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1034959",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034958",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034960",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90138",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
]
},
"id": "VAR-201602-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:06:16.082000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160208-ucm",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160208-ucm"
},
{
"title": "Multiple Cisco Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60115"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160208-ucm"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034958"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034959"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034960"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1319"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1319"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-90138"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"date": "2016-02-09T03:59:03.320000",
"db": "NVD",
"id": "CVE-2016-1319"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90138"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"date": "2016-12-06T03:06:49.590000",
"db": "NVD",
"id": "CVE-2016-1319"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Vulnerabilities in which important information is obtained in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…