Detections
Analytics
Cisco Unified Communications Manager IM & Presence Information Disclosure (cisco-sa-imp-inf-disc-cUPKuA5n)
medium Nessus Plugin ID 215006
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, Cisco Unified Communications Manager IM & Presence running on the remote host is affected by an information disclosure vulnerability in the logging component. This could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwk31853See Also
Plugin Details
Severity: Medium
ID: 215006
File Name: cisco-sa-imp-inf-disc-cUPKuA5n.nasl
Version: 1.2
Type: local
Family: CISCO
Published: 2/5/2025
Updated: 2/6/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N
CVSS Score Source: CVE-2024-20457
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:cisco:unified_communications_manager_im_and_presence_service
Required KB Items: installed_sw/Cisco Unified CM IM&P
Exploit Ease: No known exploits are available
Patch Publication Date: 11/6/2024
Vulnerability Publication Date: 11/6/2024
Reference Information
CVE: CVE-2024-20457