Title: Cisco CallManager Express SIP User Directory Information Disclosure Vulnerability
Severity: MODERATE
Description:
Cisco CallManager is a software-based call-processing component of the Cisco IP telephony solution.
Cisco CallManager is prone to an information-disclosure vulnerability.
This issue occurs because the application fails to protect sensitive data from an attacker. In particular, the application fails to prevent an attacker from manipulating the Session Initiation Protocol stack. An attacker could send messages back and forth and obtain the names of the users that are stored in the Session Initiation protocol database. This vulnerability is documented in Cisco bug ID CSCse92417.
An attacker could exploit this issue to retrieve potentially sensitive information that may aid in further attacks.
Affected Products:
- Cisco CallManager Express 3.0
References:
- Cisco: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring,
- Cisco: Cisco Security Monitoring, Analysis and Response System Homepage
- Cisco Systems: Cisco Call Manager Express
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
