Vulnerability Details CVE-2016-1319
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.9%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm
- http://www.securitytracker.com/id/1034958
- http://www.securitytracker.com/id/1034959
- http://www.securitytracker.com/id/1034960
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm
- http://www.securitytracker.com/id/1034958
- http://www.securitytracker.com/id/1034959
- http://www.securitytracker.com/id/1034960
Products affected by CVE-2016-1319
-
cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5
-
cpe:2.3:o:sun:opensolaris:snv_124
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:-
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.40
-
cpe:2.3:o:zzinc:keymouse_firmware:3.08