SB2017092109 - Privilege escalation in Cisco Unified Customer Voice Portal

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017092109

SB2017092109 - Privilege escalation in Cisco Unified Customer Voice Portal

Published: September 21, 2017

Security Bulletin ID SB2017092109
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Privilege escalation (CVE-ID: CVE-2017-12214)

The vulnerability allows a remote authenticated attacker to gain elevated privileges ob the target system.

The weakness exists in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) due to lack of proper input validation. A remote attacker can authenticate to the OAMP and send a specially crafted HTTP request to gain administrator privileges.

Remediation

Install update from vendor's website.

References