CVE-2019-15963 : A vulnerability in the web-based management interface of Cisco Unified Communica

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.

Published 2020-09-23 01:15:13

Updated 2021-10-29 17:03:10

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2019-15963

Cisco » Unified Communications Manager
Versions from including (>=) 12.0 and up to, including, (<=) 12.0\(1.10000.10\)
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Communications Manager
Versions from including (>=) 12.5 and up to, including, (<=) 12.5\(1.10000.22\)
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Communications Manager
Versions from including (>=) 11.5 and up to, including, (<=) 11.5\(1.10000.6\)
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Communications Manager
Versions from including (>=) 10.5 and up to, including, (<=) 10.5\(2.10000.5\)
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-15963

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 40 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-15963

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2019-15963

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2019-15963

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-cuc-info-disclosure

Cisco Unified Communications Manager Information Disclosure Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-15963

Products affected by CVE-2019-15963

Exploit prediction scoring system (EPSS) score for CVE-2019-15963

CVSS scores for CVE-2019-15963

CWE ids for CVE-2019-15963

References for CVE-2019-15963