← Back

CVE-2009-0632

nvd nist
Published: Mar 12, 2009Modified: Apr 23, 2026

JSON object

Loading...
9.0
Vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
Exploitability: 8.0 / Impact: 10.0
Source: NVD

Description

The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.

Affected (30)

Cisco
1 product
Unified Communications Manager
Configuration A
30 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Unified Communications Manager
Version 4.1
Unified Communications Manager
Version 4.2
Unified Communications Manager
Version 4.2(3)sr1
Unified Communications Manager
Version 4.2(3)sr2b
Unified Communications Manager
Version 4.2(3)sr3
Unified Communications Manager
Version 4.2(3)sr4
Unified Communications Manager
Version 4.3
Unified Communications Manager
Version 4.3(1)sr.1
Unified Communications Manager
Version 4.3(2)
Unified Communications Manager
Version 4.3(2)sr1
Unified Communications Manager
Version 5.0
Unified Communications Manager
Version 5.1(1)
Unified Communications Manager
Version 5.1(2)
Unified Communications Manager
Version 5.1(2a)
Unified Communications Manager
Version 5.1(2b)
Unified Communications Manager
Version 5.1(3)
Unified Communications Manager
Version 5.1(3a)
Unified Communications Manager
Version 5.1(3c)
Unified Communications Manager
Version 5.1(3d)
Unified Communications Manager
Version 6.0
Unified Communications Manager
Version 6.0(1)
Unified Communications Manager
Version 6.0(1a)
Unified Communications Manager
Version 6.1
Unified Communications Manager
Version 6.1(1)
Unified Communications Manager
Version 6.1(1a)
Unified Communications Manager
Version 6.1(2)
Unified Communications Manager
Version 6.1(2)su1
Unified Communications Manager
Version 6.1(3)
Unified Communications Manager
Version 7.0
Unified Communications Manager
Version 7.0(1)

Related CWEs

CWE-255
CWE-255

References (16)

Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
PatchVendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
PatchVendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.