nuclei-templates/http/vulnerabilities/cisco/cucm-username-enumeration.yaml

37 lines
866 B
YAML

id: cucm-username-enumeration
info:
name: Cisco Unified Call Manager Username Enumeration
author: manasmbellani
severity: medium
reference:
- https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
remediation: To mitigate this, enable Contact Search Authentication.
tags: cisco,cucm,unauth,enum
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/cucm-uds/users"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '<userName>'
- '<lastName>'
- '<phoneNumber>'
condition: and
- type: dsl
dsl:
- contains(tolower(content_type), 'application/xml')
- contains(tolower(content_type), 'text/xml')
condition: or