Vulnerability Details : CVE-2015-0680
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
Vulnerability category: Information leak
Products affected by CVE-2015-0680
- cpe:2.3:a:cisco:unified_callmanager:9.1\(2.1000.28\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0680
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0680
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2015-0680
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0680
-
http://www.securitytracker.com/id/1031991
Cisco Unified Call Manager Lets Remote Authenticated Users Retrieve Arbitrary Files - SecurityTracker
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=38079
Cisco Unified Call Manager Arbitrary File Retrieval VulnerabilityVendor Advisory
Jump to