Cisco Unified Communications Manager Information Disclosure Vulnerability
A vulnerability in the User Data Services (UDS) Application Programming Interface (API) for Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view confidential information that should require authentication.The vulnerability is due to improper authentication controls for certain information returned by the UDS API. An attacker could exploit this vulnerability by accessing the UDS API. An exploit could allow the attacker to view certain information that is confidential and should require authentication to retrieve via the UDS API.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2b15S68
A vulnerability in the User Data Services (UDS) Application Programming Interface (API) for Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view confidential information that should require authentication.The vulnerability is due to improper authentication controls for certain information returned by the UDS API. An attacker could exploit this vulnerability by accessing the UDS API. An exploit could allow the attacker to view certain information that is confidential and should require authentication to retrieve via the UDS API.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2b15S68
Security Impact Rating: Medium
CVE: CVE-2016-6364
from Cisco Security Advisory http://ift.tt/2b15S68