CVE-2024-20457

A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2b\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su6:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su7:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su8:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su9:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su10:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su11:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su5:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su6:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su7:::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su8:::::::*

History

07 Aug 2025, 19:11

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en el componente de registro de Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) podría permitir que un atacante remoto autenticado vea información confidencial en texto plano en un sistema afectado. Esta vulnerabilidad se debe al almacenamiento de credenciales no cifradas en ciertos registros. Un atacante podría aprovechar esta vulnerabilidad accediendo a los registros de un sistema afectado y obteniendo credenciales a las que normalmente no tendría acceso. Una explotación exitosa podría permitir al atacante acceder a información confidencial del dispositivo.
First Time		Cisco Cisco unified Communications Manager Im And Presence Service
CPE		cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su8:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su2:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su6:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2a:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su2:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\):::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2a\):::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su11:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\):::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su3:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su4:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2b\):::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su1:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su7:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\):::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su1:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\):::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su2:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3a:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su8:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su5:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su1:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4a:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su6:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su4:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su9:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su1:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\)su1:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5a:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su10:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su2:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su7:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su3:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su1:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su3:::::::* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):::::::*
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n - Vendor Advisory

06 Nov 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-06 17:15

Updated : 2025-08-07 19:11

NVD link : CVE-2024-20457

Mitre link : CVE-2024-20457

CVE.ORG link : CVE-2024-20457

JSON object : View

Products Affected

cisco

unified_communications_manager_im_and_presence_service

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

6.5 /10