We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-20457

Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability



Description

A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.

Reserved 2023-11-08 | Published 2024-11-06 | Updated 2024-11-06 | Assigner cisco


MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unknown

11.5(1)SU6
affected

10.5(1)SU1
affected

10.5(1)SU2
affected

12.5(1)
affected

10.5(2)SU2a
affected

11.5(1)SU3a
affected

10.0(1)SU2
affected

10.5(2)SU2
affected

11.0
affected

10.5(2)SU3
affected

10.5(1)SU3
affected

11.5(1)SU1
affected

11.0(1)
affected

10.5(2)SU4
affected

11.0(1)SU1
affected

11.5(1)SU2
affected

11.5(1)SU5
affected

10.0(1)SU1
affected

11.5(1)SU3
affected

10.5(2)SU4a
affected

10.5(2)
affected

11.5(1)SU5a
affected

11.5(1)SU4
affected

12.5(1)SU1
affected

10.0(1)
affected

10.5(2b)
affected

10.5(2)SU1
affected

10.5(1)
affected

10.5(2a)
affected

11.5(1)
affected

12.5(1)SU2
affected

11.5(1)SU7
affected

11.5(1)SU8
affected

12.5(1)SU3
affected

11.5(1)SU9
affected

12.5(1)SU4
affected

14
affected

11.5(1)SU10
affected

12.5(1)SU5
affected

14SU1
affected

12.5(1)SU6
affected

11.5(1)SU11
affected

14SU2
affected

14SU2a
affected

12.5(1)SU7
affected

14SU3
affected

12.5(1)SU8
affected

15
affected

15SU1
affected

14SU4
affected

References

sec.cloudapps.cisco.com/...ry/cisco-sa-imp-inf-disc-cUPKuA5n (cisco-sa-imp-inf-disc-cUPKuA5n)

cve.org (CVE-2024-20457)

nvd.nist.gov (CVE-2024-20457)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-20457

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.