Cisco Unified Communications Manager RIS Data Collector Service Authentication Bypass Vulnerability

Cisco Unified Communications Manager RIS Data Collector Service Authentication Bypass Vulnerability

Cisco Unified Communications Manager (CUCM) is prone to an authentication-bypass vulnerability that affects the Real-Time Information Server (RIS) Data Collector service.

Attackers can exploit this issue to gain read-only access to potentially sensitive information about a CUCM cluster. Information harvested can aid in further attacks.

The following versions of CUCM are affected:

4.2 prior to 4.2(3)SR4
4.3 prior to 4.3(2)SR1
5.0 prior to 5.1(3c)
6.0 prior to 6.1(2)

Unified CallManager 4.1 versions are also affected.