A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote malicious user to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the malicious user to determine a sensitive system password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco unified communications manager |
||
cisco unity connection |