CVE-2019-15963: Cisco Unified Communications Manager Information Disclosure Vulnerability
First published: Wed Sep 23 2020(Updated: )
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | >=10.5<=10.5\(2.10000.5\) | |
| Cisco Unified Communications Manager | >=11.5<=11.5\(1.10000.6\) | |
| Cisco Unified Communications Manager | >=12.0<=12.0\(1.10000.10\) | |
| Cisco Unified Communications Manager | >=12.5<=12.5\(1.10000.22\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15963?
CVE-2019-15963 is a vulnerability in the web-based management interface of Cisco Unified Communications Manager that allows an authenticated, remote attacker to view sensitive information.
How severe is CVE-2019-15963?
CVE-2019-15963 has a severity rating of 6.5 (medium).
Which versions of Cisco Unified Communications Manager are affected by CVE-2019-15963?
CVE-2019-15963 affects Cisco Unified Communications Manager versions 10.5 to 12.5.
How can I fix CVE-2019-15963?
To fix CVE-2019-15963, Cisco recommends applying the necessary updates.
Where can I find more information about CVE-2019-15963?
You can find more information about CVE-2019-15963 on the Cisco Security Advisory page: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-cuc-info-disclosure
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/title
- agent/last-modified-date
- agent/author
- agent/references
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/10.5
- version/cisco unified communications manager/10.5\(2.10000.5\)
- version/cisco unified communications manager/11.5
- version/cisco unified communications manager/11.5\(1.10000.6\)
- version/cisco unified communications manager/12.0
- version/cisco unified communications manager/12.0\(1.10000.10\)
- version/cisco unified communications manager/12.5
- version/cisco unified communications manager/12.5\(1.10000.22\)