CVE-2013-4869

Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0."
CVSS

No CVSS.

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:56

Type Values Removed Values Added
References () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/85883 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/85883 - Third Party Advisory, VDB Entry

Information

Published : 2013-07-18 12:48

Updated : 2024-11-21 01:56


NVD link : CVE-2013-4869

Mitre link : CVE-2013-4869

CVE.ORG link : CVE-2013-4869


JSON object : View

Products Affected

cisco

  • unified_communications_manager
CWE
CWE-522

Insufficiently Protected Credentials