CVE-2015-4221

Published: Jun 26, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.

Affected (1)

Products: Cisco: Unified Communications Manager Im And Presence Service

1 product

Unified Communications Manager Im And Presence Service

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Communications Manager Im And Presence Service	Version 9.1(1)

Related CWEs

References (6)

http://tools.cisco.com/security/center/viewAlert.x?alertId=39505

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/75401

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032716

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=39505

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/75401

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032716

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.