Published: 30/10/2015 Updated: 07/12/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Cisco Unified Communications Domain Manager prior to 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote malicious users to map a filesystem via a series of requests, aka Bug ID CSCut67891.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco hosted collaboration solution 10.6_base
cisco unified communications domain manager 10.6_base

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to map a file system structure The vulnerability is due to different handling of existent and nonexistent paths An attacker could exploit this vulnerability by enumerating all possible URIs and gathering the answers that the server give ...

CWE-200 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-ucd http://www.securityfocus.com/bid/77341 http://www.securitytracker.com/id/1034022 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-ucd

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-6352

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect