Vulnerability in Cisco Unified_communications_manager_im_and_presence_service
CVE-2015-4221
Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by v…
EPSS: 0.002 (36.0th percentile) — read the EPSS interpretation.
Affected products
- Cisco Unified_communications_manager_im_and_presence_service — versions 9.1\(1\)
- N/a — versions n/a
Weakness classification (CWE)
References
- 20150624 Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 75401 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 1032716 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)