VYPR
Unrated severity · NVD Advisory · Published Mar 12, 2009 · Updated Jun 16, 2026

CVE-2009-0632

Description

The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.

Affected products

    • cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr2b:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr3:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:4.2\(3\)sr4:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:4.3\(1\)sr.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:4.3\(2\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:4.3\(2\)sr1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:5.1\(1\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:5.1\(2\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:5.1\(2a\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:5.1\(2b\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:5.1\(3\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:5.1\(3a\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:5.1\(3c\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:5.1\(3d\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:6.0\(1\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:6.0\(1a\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\):*:*:*:*:*:*:*
    • (no CPE) Range: 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2)
