VDB
CVE-2024-20457
CVE-2024-20457
PUBLISHED
In Cisco Unified Communications Manager IM & Presence Service besteht eine Schwachstelle. Dieser Fehler existiert in der Protokollierungskomponente wegen der Speicherung von unverschlüsselten Anmeldeinformationen in bestimmten Protokollen. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
EPSS 0.57% · 69.2th percentile
Risk Scores
EPSS Score
0.57%
69.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unified Communications Manager IM & Presence Service <12.5(1)SU9 | |
| Cisco | Cisco Unified Communications Manager IM & Presence Service <14SU5 (2025) | |
| Cisco | Cisco Unified Communications Manager IM & Presence Service <15SU2 |
Exploit Intelligence
- CIRCL seen: CVE-2024-20457 (circl-sighting)
- CIRCL seen: CVE-2024-20457 (circl-sighting)
- CIRCL seen: CVE-2024-20457 (circl-sighting)
- CIRCL seen: CVE-2024-20457 (circl-sighting)
- CIRCL seen: CVE-2024-20457 (circl-sighting)
- cisco-sa-imp-inf-disc-cUPKuA5n (circl)
Timeline
- Nov 6, 2024 Coalition ESS Score
- Nov 6, 2024 CVE Published
- Nov 6, 2024 PoC Published
- Nov 6, 2024 PoC Published
- Nov 7, 2024 EPSS Score
- Nov 7, 2024 PoC Published
- Nov 7, 2024 PoC Published
- Nov 7, 2024 PoC Published
- Nov 25, 2024 EPSS Score
- Dec 14, 2024 EPSS Score
- Dec 21, 2024 Coalition ESS Score
- Jan 1, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3356.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3356 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n?amp%3B_Presence_Service_Information_Disclosure_Vulnerability%26vs_k=1 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW advisory