CVE-2015-0680

Published: Mar 28, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.

Affected (1)

Products: Cisco: Unified Callmanager

Cisco

1 product

Unified Callmanager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Callmanager	Version 9.1(2.1000.28)

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://tools.cisco.com/security/center/viewAlert.x?alertId=38079

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1031991

Source: psirt@cisco.com

http://tools.cisco.com/security/center/viewAlert.x?alertId=38079

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1031991

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.