A vulnerability in the key management feature of multiple Cisco Unified products could allow an unauthenticated, local malicious user to read sensitive data. The vulnerability is due to an encryption key that can be read in plain text. An attacker could exploit this vulnerability by determining the key and decrypting certain data sets. An exploit could allow the malicious user to read and disclose sensitive data. Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco unified communications manager im and presence service 10.5\\\\\\(2\\\\\\) |
||
cisco unified contact center express 11.0\\\\\\(1\\\\\\) |
||
cisco unified communications manager 9.1\\\\\\(2.10000.28\\\\\\) |
||
cisco unified communications manager 10.5\\\\\\(2.10000.5\\\\\\) |
||
cisco unified communications manager 10.5\\\\\\(2.12901.1\\\\\\) |
||
cisco unified communications manager 11.0\\\\\\(1.10000.10\\\\\\) |
||
cisco unity connection 10.5\\\\\\(2\\\\\\) |