Test ID:	1.3.6.1.4.1.25623.1.0.805097
Category:	CISCO
Title:	Cisco Unified Communications Manager Multiple Vulnerabilities
Summary:	Cisco Unified Communications Manager is prone to multiple vulnerabilities.
Description:	Summary: Cisco Unified Communications Manager is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to: - Authenticated users of CUCM can access limited functionality via the web interface and Cisco console (SSH on port 22). Because the SSH server is configured to process several environment variables from the client and a vulnerable version of bash is used, it is possible to exploit command injection via specially crafted environment variables. - The application allows users to view the contents of any locally accessible files on the web server through a vulnerability known as LFI (Local File Inclusion). - The pingExecute servlet allows unauthenticated users to execute pings to arbitrary IP addresses. This could be used by an attacker to enumerate the internal network. - Authentication for some methods in the EPAS SOAP interface can be bypassed by using a hardcoded session ID. The methods 'GetUserLoginInfoHandler' and 'GetLoggedinXMPPUserHandler' are affected. Vulnerability Impact: Successful exploitation may allow remote attackers to spawn a shell running as the user 'admin', enumerate the internal network, view the contents of any locally accessible files on the web server. Affected Software/OS: Cisco Unified Communications Manager 9.x < 9.2, 10.x < 10.5.2, 11.x < 11.0.1. Solution: Upgrade to CUCM version 9.2, 10.5.2 or 11.0.1 pr later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.