Details of VAR-201503-0176

ID

VAR-201503-0176

CVE

CVE-2015-0680

TITLE

Cisco Unified Call Manager Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2015-001989

DESCRIPTION

Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. Cisco Unified Communications Manager is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCuq44439

Trust: 1.98

sources: NVD: CVE-2015-0680 // JVNDB: JVNDB-2015-001989 // BID: 73393 // VULHUB: VHN-78626

AFFECTED PRODUCTS

vendor:	cisco	model:	unified callmanager	scope:	eq	version:	9.1\(2.1000.28\)	Trust: 1.6
vendor:	cisco	model:	unified callmanager	scope:	eq	version:	9.1(2.1000.28)	Trust: 0.8
vendor:	cisco	model:	unified communications manager base	scope:	eq	version:	9.1(2.10000.28)	Trust: 0.3

sources: BID: 73393 // JVNDB: JVNDB-2015-001989 // CNNVD: CNNVD-201503-611 // NVD: CVE-2015-0680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0680
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0680
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201503-611
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78626
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0680
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78626
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78626 // JVNDB: JVNDB-2015-001989 // CNNVD: CNNVD-201503-611 // NVD: CVE-2015-0680

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-78626 // JVNDB: JVNDB-2015-001989 // NVD: CVE-2015-0680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-611

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201503-611

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001989

PATCH

title:

38079

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=38079

Trust: 0.8

sources: JVNDB: JVNDB-2015-001989

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0680	Trust: 2.8
db:	SECTRACK	id:	1031991	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001989	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-611	Trust: 0.7
db:	BID	id:	73393	Trust: 0.4
db:	VULHUB	id:	VHN-78626	Trust: 0.1

sources: VULHUB: VHN-78626 // BID: 73393 // JVNDB: JVNDB-2015-001989 // CNNVD: CNNVD-201503-611 // NVD: CVE-2015-0680

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38079	Trust: 2.0
url:	http://www.securitytracker.com/id/1031991	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0680	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0680	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3

sources: VULHUB: VHN-78626 // BID: 73393 // JVNDB: JVNDB-2015-001989 // CNNVD: CNNVD-201503-611 // NVD: CVE-2015-0680

CREDITS

Cisco

Trust: 0.3

sources: BID: 73393

SOURCES

db:	VULHUB	id:	VHN-78626
db:	BID	id:	73393
db:	JVNDB	id:	JVNDB-2015-001989
db:	CNNVD	id:	CNNVD-201503-611
db:	NVD	id:	CVE-2015-0680

LAST UPDATE DATE

2025-04-13T23:04:29.183000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78626	date:	2015-11-30T00:00:00
db:	BID	id:	73393	date:	2015-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-001989	date:	2015-03-31T00:00:00
db:	CNNVD	id:	CNNVD-201503-611	date:	2015-04-03T00:00:00
db:	NVD	id:	CVE-2015-0680	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78626	date:	2015-03-28T00:00:00
db:	BID	id:	73393	date:	2015-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-001989	date:	2015-03-31T00:00:00
db:	CNNVD	id:	CNNVD-201503-611	date:	2015-03-30T00:00:00
db:	NVD	id:	CVE-2015-0680	date:	2015-03-28T01:59:53.833