Guest

Preview Tool

Cisco Bug: CSCvt45220 - Cisco Unified Customer Voice Portal Information Disclosure Vulnerability

Last Modified

Jul 22, 2020

Products (1)

  • Cisco Unified Customer Voice Portal

Known Affected Releases

11.0(1) 11.5(1) 11.6(1) 12.0(1)

Description (partial)

Symptom:
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device.

The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-info-dislosure-NZBEwj9V

Conditions:
At the time of publication, this vulnerability affected Cisco Unified CVP releases 12.5(1) and earlier.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.