HomePentest-Tools.com Logo

Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability CVE-2016-6464

Severity
CVSSv3 Score
7.5
Vulnerability description

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted.

Risk description

The vulnerability is due to a lack of proper input validation performed on the HTTP packet header. An attacker could exploit this vulnerability by sending a crafted packet to the targeted device. An exploit could allow the attacker to view web pages that should have been restricted.

Recommendation

See the vendors advisory for solutions.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 14, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available