Main Vulnerability Database Vulnerabilities #VU24166

Permissions, Privileges, and Access Controls in Cisco Unified Customer Voice Portal - CVE-2019-16017

Published: January 9, 2020

Vulnerability identifier: #VU24166

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:U/U:Green

CVE-ID: CVE-2019-16017

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Unified Customer Voice Portal

Detailed vulnerability description

The vulnerability allows a remote user to execute Insecure Direct Object Reference actions on specific pages within the OAMP application.

The vulnerability exists due to insufficient input validation on specific pages in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server. A remote administrator can send a specially crafted HTTP request and modify certain configuration details of resources outside of their defined scope, which could result in a denial of service (DoS) condition.

How to mitigate CVE-2019-16017

Install updates from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-cvp-direct-obj-ref

Permissions, Privileges, and Access Controls in Cisco Unified Customer Voice Portal - CVE-2019-16017

Detailed vulnerability description

How to mitigate CVE-2019-16017

Sources

Please verify you're human