Cisco Bug: CSCvt45220 - Cisco Unified Customer Voice Portal Information Disclosure Vulnerability
Jul 22, 2020
- Cisco Unified Customer Voice Portal
Known Affected Releases
11.0(1) 11.5(1) 11.6(1) 12.0(1)
Symptom: A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-info-dislosure-NZBEwj9V Conditions: At the time of publication, this vulnerability affected Cisco Unified CVP releases 12.5(1) and earlier.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases