Vulnerability Name:

CVE-2009-0632 (CCN-49196)

Assigned:2009-03-11
Published:2009-03-11
Updated:2017-08-17
Summary:The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.
Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml

"Impact

Successful exploitation of this vulnerability may allow an attacker to intercept user credentials that allow the attacker to escalate their privilege level and obtain complete administrative access to a vulnerable Cisco Unified Communications Manager system. If integrated with an external directory service, the intercepted user credentials may allow an attacker to gain access to additional systems configured to use the directory service for authentication."
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-255
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2009-0632

Source: OSVDB
Type: UNKNOWN
52589

Source: CCN
Type: SA34238
Cisco Unified Communications Manager IP Phone PAB Information Disclosure

Source: SECUNIA
Type: UNKNOWN
34238

Source: CCN
Type: SECTRACK ID: 1021839
Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Sends Passwords in Clear Text

Source: CISCO
Type: UNKNOWN
20090311 Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

Source: CISCO
Type: Patch, Vendor Advisory
20090311 Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

Source: CCN
Type: cisco-sa-20090311-cucmpab
Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

Source: CCN
Type: OSVDB ID: 52589
Cisco Unified Communications Manager IP Phone PAB Disclosure Privilege Escalation

Source: BID
Type: UNKNOWN
34082

Source: CCN
Type: BID-34082
Cisco Unified Communications Manager PAB Synchronizer Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021839

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-0675

Source: XF
Type: UNKNOWN
cucm-pab-privilege-escalation(49196)

Source: XF
Type: UNKNOWN
cucm-pab-privilege-escalation(49196)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2(3)sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2(3)sr2b:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2(3)sr3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2(3)sr4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(1)sr.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(2)sr1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2b):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3c):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3d):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0(1a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(1a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(2)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:7.0(1):*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:unified_communications_manager:5.1(2b):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0(1a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(1a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.0(1):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(2)su1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:6.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(2a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3d):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3a):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:5.1(3c):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(1)sr.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:4.3(2)sr1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco unified communications manager 4.1
    cisco unified communications manager 4.2
    cisco unified communications manager 4.2(3)sr1
    cisco unified communications manager 4.2(3)sr2b
    cisco unified communications manager 4.2(3)sr3
    cisco unified communications manager 4.2(3)sr4
    cisco unified communications manager 4.3
    cisco unified communications manager 4.3(1)sr.1
    cisco unified communications manager 4.3(2)
    cisco unified communications manager 4.3(2)sr1
    cisco unified communications manager 5.0
    cisco unified communications manager 5.1(1)
    cisco unified communications manager 5.1(2)
    cisco unified communications manager 5.1(2a)
    cisco unified communications manager 5.1(2b)
    cisco unified communications manager 5.1(3)
    cisco unified communications manager 5.1(3a)
    cisco unified communications manager 5.1(3c)
    cisco unified communications manager 5.1(3d)
    cisco unified communications manager 6.0
    cisco unified communications manager 6.0(1)
    cisco unified communications manager 6.0(1a)
    cisco unified communications manager 6.1
    cisco unified communications manager 6.1(1)
    cisco unified communications manager 6.1(1a)
    cisco unified communications manager 6.1(2)
    cisco unified communications manager 6.1(2)su1
    cisco unified communications manager 6.1(3)
    cisco unified communications manager 7.0
    cisco unified communications manager 7.0(1)
    cisco unified communications manager 5.1(2b)
    cisco unified communications manager 6.0(1a)
    cisco unified communications manager 5.0
    cisco unified communications manager 4.2.3sr2
    cisco unified communications manager 4.2.3sr2b
    cisco unified communications manager 4.3
    cisco unified communications manager 5.1(1)
    cisco unified communications manager 5.1(2)
    cisco unified communications manager 6.0
    cisco unified communications manager 6.1(1a)
    cisco unified communications manager 6.1
    cisco unified communications manager 6.1(1)
    cisco unified communications manager 6.0(1)
    cisco unified communications manager 6.1(2)su1
    cisco unified communications manager 6.1(2)
    cisco unified communications manager 5.1(2a)
    cisco unified communications manager 5.1(3d)
    cisco unified communications manager 5.1(3)
    cisco unified communications manager 5.1(3a)
    cisco unified communications manager 5.1(3c)
    cisco unified communications manager 4.3(1)sr.1
    cisco unified communications manager 4.3(2)
    cisco unified communications manager 4.3(2)sr1