First published: Sat Dec 21 2013
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Communications Manager Session Management Edition | <=9.1\(1\) | |
Cisco Unified Communications Manager Session Management Edition | =3.3\(5\) | |
Cisco Unified Communications Manager Session Management Edition | =3.3\(5\)sr1 | |
Cisco Unified Communications Manager Session Management Edition | =3.3\(5\)sr2a | |
Cisco Unified Communications Manager Session Management Edition | =4.1\(3\) | |
Cisco Unified Communications Manager Session Management Edition | =4.1\(3\)sr1 | |
Cisco Unified Communications Manager Session Management Edition | =4.1\(3\)sr2 | |
Cisco Unified Communications Manager Session Management Edition | =4.1\(3\)sr3 | |
Cisco Unified Communications Manager Session Management Edition | =4.1\(3\)sr4 | |
Cisco Unified Communications Manager Session Management Edition | =4.2 | |
Cisco Unified Communications Manager Session Management Edition | =4.2.1 | |
Cisco Unified Communications Manager Session Management Edition | =4.2.2 | |
Cisco Unified Communications Manager Session Management Edition | =4.2.3 | |
Cisco Unified Communications Manager Session Management Edition | =4.2.3sr1 | |
Cisco Unified Communications Manager Session Management Edition | =4.2.3sr2 | |
Cisco Unified Communications Manager Session Management Edition | =4.2.3sr2b | |
Cisco Unified Communications Manager Session Management Edition | =4.3 | |
Cisco Unified Communications Manager Session Management Edition | =4.3\(1\) | |
Cisco Unified Communications Manager Session Management Edition | =5.0 | |
Cisco Unified Communications Manager Session Management Edition | =5.1 | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(1\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(1b\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(1c\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(2\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(2a\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(2b\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(3\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(3a\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(3c\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(3d\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1\(3e\) | |
Cisco Unified Communications Manager Session Management Edition | =5.1.2 | |
Cisco Unified Communications Manager Session Management Edition | =6.0 | |
Cisco Unified Communications Manager Session Management Edition | =6.0\(1\) | |
Cisco Unified Communications Manager Session Management Edition | =6.0\(1a\) | |
Cisco Unified Communications Manager Session Management Edition | =6.0\(1b\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(1\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(1a\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(1b\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(2\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(2\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(2\)su1a | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(3\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(3a\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(3b\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(3b\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(4\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(4\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(4a\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(4a\)su2 | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(5\) | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(5\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(5\)su2 | |
Cisco Unified Communications Manager Session Management Edition | =6.1\(5\)su3 | |
Cisco Unified Communications Manager Session Management Edition | =7.0\(1\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =7.0\(1\)su1a | |
Cisco Unified Communications Manager Session Management Edition | =7.0\(2\) | |
Cisco Unified Communications Manager Session Management Edition | =7.0\(2a\) | |
Cisco Unified Communications Manager Session Management Edition | =7.0\(2a\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =7.0\(2a\)su2 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(2a\) | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(2a\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(2b\) | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(2b\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(3\) | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(3a\) | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(3a\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(3a\)su1a | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(3b\) | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(3b\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(3b\)su2 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5\) | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5\)su1a | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5a\) | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\) | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su1a | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su2 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su3 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su4 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su5 | |
Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su6 | |
Cisco Unified Communications Manager Session Management Edition | =8.0 | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(1\) | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(2\) | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(2a\) | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(2b\) | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(2c\) | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(2c\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(3\) | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(3a\) | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(3a\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(3a\)su2 | |
Cisco Unified Communications Manager Session Management Edition | =8.0\(3a\)su3 | |
Cisco Unified Communications Manager Session Management Edition | =8.5 | |
Cisco Unified Communications Manager Session Management Edition | =8.5\(1\) | |
Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su2 | |
Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su3 | |
Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su4 | |
Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su5 | |
Cisco Unified Communications Manager Session Management Edition | =8.6 | |
Cisco Unified Communications Manager Session Management Edition | =8.6\(1\) | |
Cisco Unified Communications Manager Session Management Edition | =8.6\(1a\) | |
Cisco Unified Communications Manager Session Management Edition | =8.6\(2\) | |
Cisco Unified Communications Manager Session Management Edition | =8.6\(2a\) | |
Cisco Unified Communications Manager Session Management Edition | =8.6\(2a\)su1 | |
Cisco Unified Communications Manager Session Management Edition | =8.6\(2a\)su2 | |
Cisco Unified Communications Manager Session Management Edition | =8.6\(2a\)su3 | |
Cisco Unified Communications Manager Session Management Edition | =8.6\(3\) | |
Cisco Unified Communications Manager Session Management Edition | =8.6\(4\) | |
Cisco Unified Communications Manager Session Management Edition | =9.0\(1\) | |
CVE-2013-6978 is classified as a medium severity vulnerability that allows remote authenticated users to access sensitive device information.
To mitigate CVE-2013-6978, it is recommended to upgrade to an updated version of Cisco Unified Communications Manager that resolves this vulnerability.
CVE-2013-6978 affects various versions of Cisco Unified Communications Manager including 9.1(1) and several earlier versions.
The vulnerability can be exploited by remote authenticated users with access to the relevant Cisco Unified Communications Manager interface.
CVE-2013-6978 can expose sensitive device information that is contained within the HTML source code of the application.