Primary

Context

Cisco Unified Intelligence Center API Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in the API subsystem of Cisco Unified Intelligence Center (CUIC) versions 12.6 and earlier, as well as 15.0, that could allow an authenticated, remote attacker to access sensitive information from the affected system. This issue arises from improper validation of requests to certain API endpoints, enabling a low-privileged user to view restricted information. Exploitation requires valid user credentials on the affected system.

Impact

Successful exploitation could allow a low-privileged user to access sensitive information on the affected system that is normally restricted.

Remediation

Cisco has released software updates to address this vulnerability. Users should upgrade to Cisco Unified Intelligence Center version 15.0(01) ES202508 or a later release. For versions 12.6 and earlier, users should migrate to a fixed release.

Added: Nov 5, 2025, 5:27 PM

Updated: Nov 5, 2025, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Unified Intelligence Center API Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cisco Unified Intelligence Center

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating