CVE-2016-1319 : Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.100

Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.

Published 2016-02-09 03:59:03

Updated 2016-12-06 03:06:50

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2016-1319

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 42 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-1319

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2016-1319

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-1319

http://www.securitytracker.com/id/1034960

Cisco Unity Connection Key Management Bug Lets Local Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
http://www.securitytracker.com/id/1034959

Cisco Unified Contact Center Express Key Management Bug Lets Local Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
http://www.securitytracker.com/id/1034958

Cisco Unified Communications Manager Key Management Bug Lets Local Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm

Cisco Unified Products Information Disclosure Vulnerability
Vendor Advisory

Products affected by CVE-2016-1319

SUN » Opensolaris » Version: Snv 124 Sparc Edition
cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*
Matching versions
Samsung » X14j Firmware » Version: T-ms14jakucb-1102.5
cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*
Matching versions
Zyxel » Gs1900-10hp Firmware
Versions before (<) 2.50\(aazi.0\)c0
cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*
Matching versions
Zzinc » Keymouse Firmware » Version: 3.08 For Windows
cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*
Matching versions

Vulnerability Details : CVE-2016-1319

Exploit prediction scoring system (EPSS) score for CVE-2016-1319

CVSS scores for CVE-2016-1319

CWE ids for CVE-2016-1319

References for CVE-2016-1319

Products affected by CVE-2016-1319