Unified Communications Manager Im And Presence Service
CVE-2024-20457
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.
AnalysisAI
A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device. Affected products include: Cisco Unified Communications Manager Im And Presence Service.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that a
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System softw
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenti
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified C
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (for
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence
A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service coul
Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) S
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today