Vigil@nce - Cisco Unity Connection: sensitive information leak in the log files of Unified Messaging Service
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can read log files of Unified Messaging Service
of Cisco Unity Connection, in order to obtain sensitive
information.
Impacted products: Cisco Unity
Severity: 2/4
Creation date: 06/11/2014
DESCRIPTION OF THE VULNERABILITY
The log files of Cisco Unity Connection can be reviewed remotely.
However, sensitive information are recorded in these log files.
An attacker who can read the log files of Unified Messaging
Service of Cisco Unity Connection, can therefore obtain sensitive
information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN