Vulnerability Details : CVE-2016-6364
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
Vulnerability category: Information leak
Products affected by CVE-2016-6364
- cpe:2.3:a:cisco:unified_communications_manager:11.5.0:*:*:*:*:*:*:*
Threat overview for CVE-2016-6364
Top countries where our scanners detected CVE-2016-6364
Top open port discovered on systems with this issue
5061
IPs affected by CVE-2016-6364 611
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-6364!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-6364
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6364
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-6364
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6364
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm
Cisco Unified Communications Manager Information Disclosure VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1036650
Cisco Unified Communications Manager UDS API Authentication Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/92517
Cisco Unified Communications Manager CVE-2016-6364 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to