Vulnerability Name: CVE-2011-1643 (CCN-69399)
Assigned: 2011-08-24
Published: 2011-08-24
Updated: 2012-06-15
Summary: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.

CVSS v3 Severity:
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): None
    Availability (A): None

CVSS v2 Severity:
10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
7.1 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): None
    Availability (A): None

Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2011-1643

Source: CCN
Type: SA45772
Cisco Products Open Query Interface Information Disclosure Security Issue

Source: CISCO
Type: Vendor Advisory
20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server

Source: CCN
Type: cisco-sa-20110824-cucm-cups
Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server

Source: CCN
Type: OSVDB ID: 74779
Cisco Multiple Products Open Query Interface Remote Information Disclosure

Source: CCN
Type: BID-49299
Cisco Unified Communications Manager and Presence Server Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
cisco-presence-query-info-disclosure(69399)

Vulnerable Configuration:

Configuration 1:
cpe:/a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(1):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(1a):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(1b):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(2):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(2)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(2)su1a:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(3):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(3a):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(3b):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(3b)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(4):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(4)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(4a):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(4a)su2:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(5):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(5)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(5)su2:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.0(1)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.0(1)su1a:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.0(2):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.0(2a):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.0(2a)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.0(2a)su2:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(2a):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(2a)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(2b):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(2b)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(3):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(3a):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(3a)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(3a)su1a:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(3b):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(3b)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(3b)su2:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(5):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(5)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(5)su1a:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(5a):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(5b):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(5b)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(5b)su1a:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(5b)su2:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1(5b)su3:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:8.5(1):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:8.5(1)su1:*:*:*:*:*:*:*

Configuration 2:
cpe:/a:cisco:unified_presence_server:6.0(1):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(2):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(3):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(4):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(5):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(6):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(7):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(1):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(2):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(3):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(4):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(5):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(6):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(7):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(8):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(9):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:8.0:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:8.5:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:8.5(1):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:8.5(2):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:8.5(3):*:*:*:*:*:*:*

Configuration CCN 1:
cpe:/a:cisco:unified_communications_manager:6.0(1a):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(1):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(2):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(1a):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(1):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.0(1):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(2)su1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(2):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.0(1):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(3):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(4):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:6.0(5):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(2):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_presence_server:7.0(3):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(1b):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:6.1(2)su1a:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.0(2):*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:* OR
cpe:/a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*

cisco unified communications manager 6.0
cisco unified communications manager 6.1(1)
cisco unified communications manager 6.1(1a)
cisco unified communications manager 6.1(1b)
cisco unified communications manager 6.1(2)
cisco unified communications manager 6.1(2)su1
cisco unified communications manager 6.1(2)su1a
cisco unified communications manager 6.1(3)
cisco unified communications manager 6.1(3a)
cisco unified communications manager 6.1(3b)
cisco unified communications manager 6.1(3b)su1
cisco unified communications manager 6.1(4)
cisco unified communications manager 6.1(4)su1
cisco unified communications manager 6.1(4a)
cisco unified communications manager 6.1(4a)su2
cisco unified communications manager 6.1(5)
cisco unified communications manager 6.1(5)su1
cisco unified communications manager 6.1(5)su2
cisco unified communications manager 7.0(1)su1
cisco unified communications manager 7.0(1)su1a
cisco unified communications manager 7.0(2)
cisco unified communications manager 7.0(2a)
cisco unified communications manager 7.0(2a)su1
cisco unified communications manager 7.0(2a)su2
cisco unified communications manager 7.1(2a)
cisco unified communications manager 7.1(2a)su1
cisco unified communications manager 7.1(2b)
cisco unified communications manager 7.1(2b)su1
cisco unified communications manager 7.1(3)
cisco unified communications manager 7.1(3a)
cisco unified communications manager 7.1(3a)su1
cisco unified communications manager 7.1(3a)su1a
cisco unified communications manager 7.1(3b)
cisco unified communications manager 7.1(3b)su1
cisco unified communications manager 7.1(3b)su2
cisco unified communications manager 7.1(5)
cisco unified communications manager 7.1(5)su1
cisco unified communications manager 7.1(5)su1a
cisco unified communications manager 7.1(5a)
cisco unified communications manager 7.1(5b)
cisco unified communications manager 7.1(5b)su1
cisco unified communications manager 7.1(5b)su1a
cisco unified communications manager 7.1(5b)su2
cisco unified communications manager 7.1(5b)su3
cisco unified communications manager 8.0
cisco unified communications manager 8.5
cisco unified communications manager 8.5(1)
cisco unified communications manager 8.5(1)su1
cisco unified presence server 6.0(1)
cisco unified presence server 6.0(2)
cisco unified presence server 6.0(3)
cisco unified presence server 6.0(4)
cisco unified presence server 6.0(5)
cisco unified presence server 6.0(6)
cisco unified presence server 6.0(7)
cisco unified presence server 7.0(1)
cisco unified presence server 7.0(2)
cisco unified presence server 7.0(3)
cisco unified presence server 7.0(4)
cisco unified presence server 7.0(5)
cisco unified presence server 7.0(6)
cisco unified presence server 7.0(7)
cisco unified presence server 7.0(8)
cisco unified presence server 7.0(9)
cisco unified presence server 8.0
cisco unified presence server 8.5
cisco unified presence server 8.5(1)
cisco unified presence server 8.5(2)
cisco unified presence server 8.5(3)
cisco unified communications manager 6.0(1a)
cisco unified communications manager 6.0
cisco unified presence server 6.0(1)
cisco unified presence server 6.0(2)
cisco unified communications manager 6.1(1a)
cisco unified communications manager 6.1
cisco unified communications manager 6.1(1)
cisco unified communications manager 6.0(1)
cisco unified presence server 6.0
cisco unified communications manager 6.1(2)su1
cisco unified communications manager 6.1(2)
cisco unified communications manager 7.0
cisco unified communications manager 6.1.0
cisco unified communications manager 7.0(1)
cisco unified presence server 6.0(3)
cisco unified presence server 7.0
cisco unified presence server 6.0(4)
cisco unified presence server 6.0(5)
cisco unified presence server 7.0(2)
cisco unified presence server 7.0(3)
cisco unified communications manager 6.1(1b)
cisco unified communications manager 6.1(2)su1a
cisco unified communications manager 7.0(2)
cisco unified communications manager 7.1
cisco unified communications manager 8.0