Vulnerability Description
Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager Im And Presence Service | 9.1\(1\) |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39505Vendor Advisory
- http://www.securityfocus.com/bid/75401Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032716Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39505Vendor Advisory
- http://www.securityfocus.com/bid/75401Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032716Third Party AdvisoryVDB Entry
FAQ
What is CVE-2015-4221?
CVE-2015-4221 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and conseq...
How severe is CVE-2015-4221?
CVE-2015-4221 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4221?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager Im And Presence Service.