Sign-up

ID

VAR-201504-0264


CVE

CVE-2015-0683


TITLE

Cisco Unified Communications Domain Manager Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-002077

DESCRIPTION

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. This issue is tracked by Cisco Bug ID CSCup94744. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A security vulnerability exists in Cisco UCDM release 8.1(4)

Trust: 1.98

sources: NVD: CVE-2015-0683 // JVNDB: JVNDB-2015-002077 // BID: 73446 // VULHUB: VHN-78629

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion:8.1\(.4\)

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope:eqversion:8.1(4)

Trust: 0.8

vendor:ciscomodel:unified communications domain managerscope:eqversion:8.1.4

Trust: 0.3

sources: BID: 73446 // JVNDB: JVNDB-2015-002077 // CNNVD: CNNVD-201504-046 // NVD: CVE-2015-0683

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0683
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0683
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-046
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78629
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0683
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78629
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78629 // JVNDB: JVNDB-2015-002077 // CNNVD: CNNVD-201504-046 // NVD: CVE-2015-0683

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-78629 // JVNDB: JVNDB-2015-002077 // NVD: CVE-2015-0683

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-046

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201504-046

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002077

PATCH
title:38118url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38118
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002077

EXTERNAL IDS
db:NVDid:CVE-2015-0683
Trust: 2.8
db:SECTRACKid:1032003
Trust: 1.1
db:JVNDBid:JVNDB-2015-002077
Trust: 0.8
db:CNNVDid:CNNVD-201504-046
Trust: 0.7
db:BIDid:73446
Trust: 0.4
db:VULHUBid:VHN-78629
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78629 // 
            
            
            
            BID: 73446 // 
            
            
            
            JVNDB: JVNDB-2015-002077 // 
            
            
            
            CNNVD: CNNVD-201504-046 // 
            
            
            
            NVD: CVE-2015-0683

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38118
Trust: 2.0
url:http://www.securitytracker.com/id/1032003
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0683
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0683
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78629 // 
            
            
            
            BID: 73446 // 
            
            
            
            JVNDB: JVNDB-2015-002077 // 
            
            
            
            CNNVD: CNNVD-201504-046 // 
            
            
            
            NVD: CVE-2015-0683

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 73446

SOURCES
db:VULHUBid:VHN-78629
db:BIDid:73446
db:JVNDBid:JVNDB-2015-002077
db:CNNVDid:CNNVD-201504-046
db:NVDid:CVE-2015-0683

LAST UPDATE DATE
2025-04-12T23:04:44.768000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78629date:2015-09-29T00:00:00
db:BIDid:73446date:2015-03-31T00:00:00
db:JVNDBid:JVNDB-2015-002077date:2015-04-07T00:00:00
db:CNNVDid:CNNVD-201504-046date:2015-04-07T00:00:00
db:NVDid:CVE-2015-0683date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78629date:2015-04-03T00:00:00
db:BIDid:73446date:2015-03-31T00:00:00
db:JVNDBid:JVNDB-2015-002077date:2015-04-07T00:00:00
db:CNNVDid:CNNVD-201504-046date:2015-04-07T00:00:00
db:NVDid:CVE-2015-0683date:2015-04-03T10:59:07.227