Vulnerability Description
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
CVSS Score
4.0
MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Callmanager | 9.1\(2.1000.28\) |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=38079Vendor Advisory
- http://www.securitytracker.com/id/1031991
- http://tools.cisco.com/security/center/viewAlert.x?alertId=38079Vendor Advisory
- http://www.securitytracker.com/id/1031991
FAQ
What is CVE-2015-0680?
CVE-2015-0680 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44...
How severe is CVE-2015-0680?
CVE-2015-0680 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0680?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Callmanager.