Test Kennung:	1.3.6.1.4.1.25623.1.0.805097
Kategorie:	CISCO
Titel:	Cisco Unified Communications Manager Multiple Vulnerabilities
Zusammenfassung:	Cisco Unified Communications Manager is prone to multiple vulnerabilities.
Beschreibung:	Summary: Cisco Unified Communications Manager is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to: - Authenticated users of CUCM can access limited functionality via the web interface and Cisco console (SSH on port 22). Because the SSH server is configured to process several environment variables from the client and a vulnerable version of bash is used, it is possible to exploit command injection via specially crafted environment variables. - The application allows users to view the contents of any locally accessible files on the web server through a vulnerability known as LFI (Local File Inclusion). - The pingExecute servlet allows unauthenticated users to execute pings to arbitrary IP addresses. This could be used by an attacker to enumerate the internal network. - Authentication for some methods in the EPAS SOAP interface can be bypassed by using a hardcoded session ID. The methods 'GetUserLoginInfoHandler' and 'GetLoggedinXMPPUserHandler' are affected. Vulnerability Impact: Successful exploitation may allow remote attackers to spawn a shell running as the user 'admin', enumerate the internal network, view the contents of any locally accessible files on the web server. Affected Software/OS: Cisco Unified Communications Manager 9.x < 9.2, 10.x < 10.5.2, 11.x < 11.0.1. Solution: Upgrade to CUCM version 9.2, 10.5.2 or 11.0.1 pr later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.