The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and previous versions does not properly implement access control, which allows remote malicious users to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco unified communications domain manager |
||
cisco unified communications domain manager 8.6\\(.2\\) |
||
cisco unified communications domain manager 7.4 |
||
cisco unified communications domain manager 9.0 |
||
cisco unified communications domain manager 8.6 |