Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-3402 |
CWE-ID | CWE-306 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | Cisco Unified Customer Voice Portal (Server applications / Other server solutions) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU29451
Risk: Medium
CVSSv3.1: 5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C]
CVE-ID: CVE-2020-3402
CWE-ID: CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists because certain Java Remote Method Invocation (RMI) listeners are not properly authenticated. A remote attacker can send a specially crafted request and gain access to sensitive information on the target device.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Cisco Unified Customer Voice Portal: 11.5.1 - 12.5.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.