CVE-2009-0632
First published: Thu Mar 12 2009(Updated: )
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | =5.1\(3c\) | |
| Cisco Unified Communications Manager | =6.1\(2\) | |
| Cisco Unified Communications Manager | =5.1\(2a\) | |
| Cisco Unified Communications Manager | =6.0\(1\) | |
| Cisco Unified Communications Manager | =5.1\(2\) | |
| Cisco Unified Communications Manager | =4.2\(3\)sr2b | |
| Cisco Unified Communications Manager | =5.0 | |
| Cisco Unified Communications Manager | =4.3\(2\)sr1 | |
| Cisco Unified Communications Manager | =5.1\(2b\) | |
| Cisco Unified Communications Manager | =6.1 | |
| Cisco Unified Communications Manager | =4.2 | |
| Cisco Unified Communications Manager | =4.3 | |
| Cisco Unified Communications Manager | =6.1\(3\) | |
| Cisco Unified Communications Manager | =6.1\(1\) | |
| Cisco Unified Communications Manager | =5.1\(3d\) | |
| Cisco Unified Communications Manager | =4.2\(3\)sr1 | |
| Cisco Unified Communications Manager | =4.3\(1\)sr.1 | |
| Cisco Unified Communications Manager | =7.0\(1\) | |
| Cisco Unified Communications Manager | =4.2\(3\)sr4 | |
| Cisco Unified Communications Manager | =5.1\(3\) | |
| Cisco Unified Communications Manager | =4.1 | |
| Cisco Unified Communications Manager | =6.0\(1a\) | |
| Cisco Unified Communications Manager | =5.1\(1\) | |
| Cisco Unified Communications Manager | =7.0 | |
| Cisco Unified Communications Manager | =4.3\(2\) | |
| Cisco Unified Communications Manager | =6.1\(2\)su1 | |
| Cisco Unified Communications Manager | =5.1\(3a\) | |
| Cisco Unified Communications Manager | =6.0 | |
| Cisco Unified Communications Manager | =4.2\(3\)sr3 | |
| Cisco Unified Communications Manager | =6.1\(1a\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/34082
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml
- http://www.vupen.com/english/advisories/2009/0675
- http://www.securitytracker.com/id?1021839
- http://secunia.com/advisories/34238
- http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a86434.html
- http://osvdb.org/52589
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49196
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/5.1\(3c\)
- version/cisco unified communications manager/6.1\(2\)
- version/cisco unified communications manager/5.1\(2a\)
- version/cisco unified communications manager/6.0\(1\)
- version/cisco unified communications manager/5.1\(2\)
- version/cisco unified communications manager/4.2\(3\)sr2b
- version/cisco unified communications manager/5.0
- version/cisco unified communications manager/4.3\(2\)sr1
- version/cisco unified communications manager/5.1\(2b\)
- version/cisco unified communications manager/6.1
- version/cisco unified communications manager/4.2
- version/cisco unified communications manager/4.3
- version/cisco unified communications manager/6.1\(3\)
- version/cisco unified communications manager/6.1\(1\)
- version/cisco unified communications manager/5.1\(3d\)
- version/cisco unified communications manager/4.2\(3\)sr1
- version/cisco unified communications manager/4.3\(1\)sr.1
- version/cisco unified communications manager/7.0\(1\)
- version/cisco unified communications manager/4.2\(3\)sr4
- version/cisco unified communications manager/5.1\(3\)
- version/cisco unified communications manager/4.1
- version/cisco unified communications manager/6.0\(1a\)
- version/cisco unified communications manager/5.1\(1\)
- version/cisco unified communications manager/7.0
- version/cisco unified communications manager/4.3\(2\)
- version/cisco unified communications manager/6.1\(2\)su1
- version/cisco unified communications manager/5.1\(3a\)
- version/cisco unified communications manager/6.0
- version/cisco unified communications manager/4.2\(3\)sr3
- version/cisco unified communications manager/6.1\(1a\)