First published: Wed Jul 06 2022
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified CM | =14 <14SU1; =12.5(1) <12.5(1)SU6 | 14SU1; 12.5(1)SU6 |
Cisco Unified CM SME | =14 <14SU1; =12.5(1) <12.5(1)SU6 | 14SU1; 12.5(1)SU6 |
Cisco Unity Connection | =14 <14SU1; =12.5(1) <12.5(1)SU6 | 14SU1; 12.5(1)SU6 |
The Cisco Unified Communications Products Timing Attack Vulnerability is a vulnerability in Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection that allows an unauthenticated, remote attacker to perform a timing attack.
The Cisco Unified Communications Products Timing Attack Vulnerability occurs due to insufficient protection of sensitive information during cryptographic operations by affected Cisco products.
The severity of the Cisco Unified Communications Products Timing Attack Vulnerability is medium, with a severity value of 5.3.
The Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection are affected by the Cisco Unified Communications Products Timing Attack Vulnerability.
To mitigate the Cisco Unified Communications Products Timing Attack Vulnerability, apply the recommended updates provided by Cisco for the affected products.