Cisco Unified CM IM&P Logging Credential Exposure
CVE-2024-20457 Published on November 6, 2024

Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.

NVD

Vulnerability Analysis

CVE-2024-20457 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2024-20457 has been classified to as an Information Disclosure vulnerability or weakness.

Products Associated with CVE-2024-20457

Want to know whenever a new CVE is published for Cisco Unified Communications Manager Im Presence Service? stack.watch will email you.

Cisco Unified Communications Manager Im Presence Service

Affected Versions

Cisco Unified Communications Manager IM and Presence Service:

Version 11.5(1)SU6 is affected.
Version 10.5(1)SU1 is affected.
Version 10.5(1)SU2 is affected.
Version 12.5(1) is affected.
Version 10.5(2)SU2a is affected.
Version 11.5(1)SU3a is affected.
Version 10.0(1)SU2 is affected.
Version 10.5(2)SU2 is affected.
Version 11.0 is affected.
Version 10.5(2)SU3 is affected.
Version 10.5(1)SU3 is affected.
Version 11.5(1)SU1 is affected.
Version 11.0(1) is affected.
Version 10.5(2)SU4 is affected.
Version 11.0(1)SU1 is affected.
Version 11.5(1)SU2 is affected.
Version 11.5(1)SU5 is affected.
Version 10.0(1)SU1 is affected.
Version 11.5(1)SU3 is affected.
Version 10.5(2)SU4a is affected.
Version 10.5(2) is affected.
Version 11.5(1)SU5a is affected.
Version 11.5(1)SU4 is affected.
Version 12.5(1)SU1 is affected.
Version 10.0(1) is affected.
Version 10.5(2b) is affected.
Version 10.5(2)SU1 is affected.
Version 10.5(1) is affected.
Version 10.5(2a) is affected.
Version 11.5(1) is affected.
Version 12.5(1)SU2 is affected.
Version 11.5(1)SU7 is affected.
Version 11.5(1)SU8 is affected.
Version 12.5(1)SU3 is affected.
Version 11.5(1)SU9 is affected.
Version 12.5(1)SU4 is affected.
Version 14 is affected.
Version 11.5(1)SU10 is affected.
Version 12.5(1)SU5 is affected.
Version 14SU1 is affected.
Version 12.5(1)SU6 is affected.
Version 11.5(1)SU11 is affected.
Version 14SU2 is affected.
Version 14SU2a is affected.
Version 12.5(1)SU7 is affected.
Version 14SU3 is affected.
Version 12.5(1)SU8 is affected.
Version 15 is affected.
Version 15SU1 is affected.
Version 14SU4 is affected.

Exploit Probability

EPSS

0.42%

Percentile

61.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Cisco Unified CM IM&P Logging Credential ExposureCVE-2024-20457 Published on November 6, 2024

Vulnerability Analysis

Weakness Type

What is an Information Disclosure Vulnerability?

Products Associated with CVE-2024-20457

Affected Versions

Exploit Probability

Cisco Unified CM IM&P Logging Credential Exposure
CVE-2024-20457 Published on November 6, 2024