Cisco Unified Communications Manager Multiple Vulnerabilities Fixed by 9.2, 10.5.2 and 11.0.1


Description   Several vulnerabilities were reported in Cisco Unified Communications Manager:
- command execution. A remote attacker could exploit it in order to execute ping command, which could be used to enumerate the internal network. This vulnerability stems from the "pingExecute" servlet which allows user to execute ping command without restriction
- security bypass located in "GetUserLoginInfoHandler" and "GetLoggedinXMPPUserHandler" methods in the EPAS SOAP interface. A remote attacker could exploit it by using a hardcoded session ID in order to bypass authentification.
A proof of concept is available for command execution vulnerability.
     
Vulnerable Products   Vulnerable Software:
Unified Communications Manager (Cisco)
     
Solution   Cisco has released versions 9.2, 10.5.2 and 11.0.1 of Unified Communications Manager which fix these vulnerabilities.
     
CVE  
     
References   - BugTraq : Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)
http://seclists.org/bugtraq/2015/Aug/56
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Local File Inclusion - suspicious /etc/passwd found in URL
3.5.0
bash Shellshock web vulnerability CVE-2014-6271
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-08-13 

 Target Type 
Server 

 Possible exploit 
Remote