Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Unified Contact Center Express Administration Pages |
Informations | |||
---|---|---|---|
Name | cisco-sa-20090715-uccx | First vendor Publication | 2009-05-05 |
Vendor | Cisco | Last vendor Modification | 2009-07-15 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack. Cisco has released free software updates that address these two vulnerabilities in the latest version of Cisco Unified CCX software. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
50 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55937 | Cisco Unified Contact Center Express (CCX) Database Unspecified XSS Cisco Unified Contact Center Express (CCX) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified parameters upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
55936 | Cisco Unified Contact Center Express (CCX) Customer Response Solutions (CRS) ... |