Authentication bypass in Cisco Unified Contact Center Express - CVE-2017-6722

 


Published: June 23, 2017


Vulnerability identifier: #VU7188
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6722
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Unified Contact Center Express

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to bypass authentication.

The weakness exists in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx): the service incorrectly handles an unsecured HTTP port used for third-party remote presence monitoring. A remote attacker can gain unauthorized access to the system.

How to mitigate CVE-2017-6722

Update to version 11.5(1.10000.61).
