CVE-2013-7030

The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:00

Type Values Removed Values Added
References () http://osvdb.org/100916 - () http://osvdb.org/100916 -
References () http://www.exploit-db.com/exploits/30237/ - Exploit, VDB Entry () http://www.exploit-db.com/exploits/30237/ - Exploit, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/89649 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/89649 -

29 Oct 2024, 15:35

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.3

07 Nov 2023, 02:17

Type Values Removed Values Added
Summary ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue. The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue

Information

Published : 2013-12-12 17:55

Updated : 2024-11-21 02:00


NVD link : CVE-2013-7030

Mitre link : CVE-2013-7030

CVE.ORG link : CVE-2013-7030


JSON object : View

Products Affected

cisco

  • unified_communications_manager
CWE
CWE-310

Cryptographic Issues