CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-0632

The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.0%

CVSS Severity

CVSS v2 Score 9.0

References

Products affected by CVE-2009-0632

Cisco » Unified Communications Manager » Version: 4.1

cpe:2.3:a:cisco:unified_communications_manager:4.1
Cisco » Unified Communications Manager » Version: 4.2

cpe:2.3:a:cisco:unified_communications_manager:4.2
Cisco » Unified Communications Manager » Version: 4.2(3)sr1

cpe:2.3:a:cisco:unified_communications_manager:4.2(3)sr1
Cisco » Unified Communications Manager » Version: 4.2(3)sr2b

cpe:2.3:a:cisco:unified_communications_manager:4.2(3)sr2b
Cisco » Unified Communications Manager » Version: 4.2(3)sr3

cpe:2.3:a:cisco:unified_communications_manager:4.2(3)sr3
Cisco » Unified Communications Manager » Version: 4.2(3)sr4

cpe:2.3:a:cisco:unified_communications_manager:4.2(3)sr4
Cisco » Unified Communications Manager » Version: 4.3

cpe:2.3:a:cisco:unified_communications_manager:4.3
Cisco » Unified Communications Manager » Version: 4.3(1)sr.1

cpe:2.3:a:cisco:unified_communications_manager:4.3(1)sr.1
Cisco » Unified Communications Manager » Version: 4.3(2)

cpe:2.3:a:cisco:unified_communications_manager:4.3(2)
Cisco » Unified Communications Manager » Version: 4.3(2)sr1

cpe:2.3:a:cisco:unified_communications_manager:4.3(2)sr1
Cisco » Unified Communications Manager » Version: 5.0

cpe:2.3:a:cisco:unified_communications_manager:5.0
Cisco » Unified Communications Manager » Version: 5.1(1)

cpe:2.3:a:cisco:unified_communications_manager:5.1(1)
Cisco » Unified Communications Manager » Version: 5.1(2)

cpe:2.3:a:cisco:unified_communications_manager:5.1(2)
Cisco » Unified Communications Manager » Version: 5.1(2a)

cpe:2.3:a:cisco:unified_communications_manager:5.1(2a)
Cisco » Unified Communications Manager » Version: 5.1(2b)

cpe:2.3:a:cisco:unified_communications_manager:5.1(2b)
Cisco » Unified Communications Manager » Version: 5.1(3)

cpe:2.3:a:cisco:unified_communications_manager:5.1(3)
Cisco » Unified Communications Manager » Version: 5.1(3a)

cpe:2.3:a:cisco:unified_communications_manager:5.1(3a)
Cisco » Unified Communications Manager » Version: 5.1(3c)

cpe:2.3:a:cisco:unified_communications_manager:5.1(3c)
Cisco » Unified Communications Manager » Version: 5.1(3d)

cpe:2.3:a:cisco:unified_communications_manager:5.1(3d)
Cisco » Unified Communications Manager » Version: 6.0

cpe:2.3:a:cisco:unified_communications_manager:6.0
Cisco » Unified Communications Manager » Version: 6.0(1)

cpe:2.3:a:cisco:unified_communications_manager:6.0(1)
Cisco » Unified Communications Manager » Version: 6.0(1a)

cpe:2.3:a:cisco:unified_communications_manager:6.0(1a)
Cisco » Unified Communications Manager » Version: 6.1

cpe:2.3:a:cisco:unified_communications_manager:6.1
Cisco » Unified Communications Manager » Version: 6.1(1)

cpe:2.3:a:cisco:unified_communications_manager:6.1(1)
Cisco » Unified Communications Manager » Version: 6.1(1a)

cpe:2.3:a:cisco:unified_communications_manager:6.1(1a)
Cisco » Unified Communications Manager » Version: 6.1(2)

cpe:2.3:a:cisco:unified_communications_manager:6.1(2)
Cisco » Unified Communications Manager » Version: 6.1(2)su1

cpe:2.3:a:cisco:unified_communications_manager:6.1(2)su1
Cisco » Unified Communications Manager » Version: 6.1(3)

cpe:2.3:a:cisco:unified_communications_manager:6.1(3)
Cisco » Unified Communications Manager » Version: 7.0

cpe:2.3:a:cisco:unified_communications_manager:7.0
Cisco » Unified Communications Manager » Version: 7.0(1)

cpe:2.3:a:cisco:unified_communications_manager:7.0(1)

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-0632

Products

Pricing

Contact Us