N/A

The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.

N/A

N/A

Cisco统一通讯管理器PAB同步程序权限提升漏洞

Cisco Unified Communications Manager(CUCM，之前被称为CallManager)是Cisco IP电话解决方案中的呼叫处理组件。 Cisco统一通讯管理器的Cisco IP电话个人地址簿(PAB)同步程序功能允许用户保持Cisco统一通讯管理器地址簿与Microsoft Windows地址簿同步。IP电话PAB同步程序功能中存在权限提升漏洞，允许攻击者获得对有漏洞的Cisco统一通讯管理器系统的完全管理访问。 Cisco Unified Communications

N/A

N/A