nuclei-templates/http/vulnerabilities/cisco/cucm-username-enumeration.yaml

39 lines
1.0 KiB
YAML
Raw Normal View History

id: cucm-username-enumeration
info:
2022-03-04 16:42:30 +00:00
name: Cisco Unified Call Manager Username Enumeration
author: manasmbellani
severity: medium
2023-10-14 11:27:55 +00:00
remediation: To mitigate this, enable Contact Search Authentication.
reference:
- https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
metadata:
max-request: 1
2023-10-14 11:27:55 +00:00
tags: cisco,cucm,unauth,enum
http:
- method: GET
path:
- "{{BaseURL}}/cucm-uds/users"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '<userName>'
- '<lastName>'
- '<phoneNumber>'
condition: and
- type: dsl
dsl:
- contains(tolower(content_type), 'application/xml')
- contains(tolower(content_type), 'text/xml')
condition: or
# digest: 490a0046304402204dd1db895cabcf352a609316ad9af524665584d005c6481b168865986e35de3202205c460c9f101d3420590335eb4cbf9703b12982753a4718057ee255d9a34436e1:922c64590222798bb761d5b6d8e72950