Published: 12/12/2013 Updated: 17/05/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote malicious users to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco unified communications manager

#!/bin/bash ####################################################################### # Proof of Concept on how to get tftp config files from cisco phones # # This can be performed anonymously and privileges gathered relies on # # those assigned to the ldap account # # Developed by Daniel Svartman (danielsvartman@gm ...

CWE-310 http://www.exploit-db.com/exploits/30237/http://osvdb.org/100916 https://exchange.xforce.ibmcloud.com/vulnerabilities/89649 https://nvd.nist.gov https://www.exploit-db.com/exploits/30237/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-7030

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect