CVE-2015-4221

Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
ciscounified_communications_manager_im_and_presence_service
9.1\(1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=39505
http://www.securityfocus.com/bid/75401
http://www.securitytracker.com/id/1032716
http://tools.cisco.com/security/center/viewAlert.x?alertId=39505
http://www.securityfocus.com/bid/75401
http://www.securitytracker.com/id/1032716