Vulnerability Details : CVE-2013-4869
Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0."
Products affected by CVE-2013-4869
- Cisco » Unified Communications ManagerVersions from including (>=) 7.1\(1\) and up to, including, (<=) 9.1\(2\)cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4869
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4869
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
N/A
|
LOW | AV:N/AC:L/Au:N/C:N/I:N/A:N |
10.0
|
N/A
|
NIST |
CWE ids for CVE-2013-4869
-
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4869
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm
Multiple Vulnerabilities in Cisco Unified Communications ManagerVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/85883
Cisco Unified Communications Manager CVE-2013-4869 weak security CVE-2013-4869 Vulnerability ReportThird Party Advisory;VDB Entry
Jump to