High severity7.3NVD Advisory· Published Dec 12, 2013· Updated Jun 17, 2026
CVE-2013-7030
CVE-2013-7030
Description
The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/30237/nvdExploitVDB Entry
- osvdb.org/100916nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/89649nvd
News mentions
0No linked articles in our index yet.