Cisco Unified CVP System Vulnerability

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: CIS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20170920-cvp

Revision: 1.0

For Public Release: 2017 September 20 16:00 GMT

Last Updated: 2017 September 20 16:00 GMT

CVE ID(s): CVE-2017-12214

CVSS Score v(3): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges.

The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


Author: Danijel Kozinovic
Cert ID: NCERT-REF-2017-09-0047-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/