VAR-201507-0366
Vulnerability from variot - Updated: 2025-04-13 23:04Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546. An attacker can leverage this issue to gain unauthorized access to an affected system with the privileges of the root user. A successful exploit could result in a complete system compromise. This issue is being tracked by Cisco Bug ID CSCuq45546. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. There is a security vulnerability in Cisco UCDM 8.x versions of Platform Software prior to version 4.4.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0366",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.4.2"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.4.4"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.4.1"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.4.3"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.x"
},
{
"model": "unified communications domain manager platform software",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.4.5"
},
{
"model": "unified communications domain manager platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4.4"
},
{
"model": "unified communications domain manager platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4.3"
},
{
"model": "unified communications domain manager platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4.2"
},
{
"model": "unified communications domain manager platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4.1"
},
{
"model": "unified communications domain manager platform",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4.5"
}
],
"sources": [
{
"db": "BID",
"id": "75514"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-097"
},
{
"db": "NVD",
"id": "CVE-2015-4196"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:unified_communications_domain_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:unified_communications_domain_manager_platform",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75514"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4196",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-4196",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-82157",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4196",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-4196",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82157",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82157"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-097"
},
{
"db": "NVD",
"id": "CVE-2015-4196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546. \nAn attacker can leverage this issue to gain unauthorized access to an affected system with the privileges of the root user. A successful exploit could result in a complete system compromise. \nThis issue is being tracked by Cisco Bug ID CSCuq45546. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. There is a security vulnerability in Cisco UCDM 8.x versions of Platform Software prior to version 4.4.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4196"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
},
{
"db": "BID",
"id": "75514"
},
{
"db": "VULHUB",
"id": "VHN-82157"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4196",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1032774",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003464",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-097",
"trust": 0.7
},
{
"db": "BID",
"id": "75514",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-82157",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82157"
},
{
"db": "BID",
"id": "75514"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-097"
},
{
"db": "NVD",
"id": "CVE-2015-4196"
}
]
},
"id": "VAR-201507-0366",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-82157"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:04:08.936000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20150701-cucdm",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150701-cucdm"
},
{
"title": "39512",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39512"
},
{
"title": "cisco-sa-20150701-cucdm",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/113/1130/1130083_cisco-sa-20150701-cucdm-j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82157"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
},
{
"db": "NVD",
"id": "CVE-2015-4196"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150701-cucdm"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032774"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4196"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4196"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39512"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82157"
},
{
"db": "BID",
"id": "75514"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-097"
},
{
"db": "NVD",
"id": "CVE-2015-4196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-82157"
},
{
"db": "BID",
"id": "75514"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-097"
},
{
"db": "NVD",
"id": "CVE-2015-4196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-04T00:00:00",
"db": "VULHUB",
"id": "VHN-82157"
},
{
"date": "2015-07-01T00:00:00",
"db": "BID",
"id": "75514"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003464"
},
{
"date": "2015-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-097"
},
{
"date": "2015-07-04T10:59:02.217000",
"db": "NVD",
"id": "CVE-2015-4196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-82157"
},
{
"date": "2015-07-01T00:00:00",
"db": "BID",
"id": "75514"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003464"
},
{
"date": "2015-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-097"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Communications Domain Manager Platform software in root Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003464"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-097"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…