Executive Summary
Summary | |
---|---|
Title | Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20170920-cvp | First vendor Publication | 2017-09-20 |
Vendor | Cisco | Last vendor Modification | 2017-09-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-09-21 | Cisco Customer Voice Portal MyAccountEditAction.do privilege escalation attempt RuleID : 44417 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Information |
---|---|
2017-10-03 21:25:38 |
|
2017-09-21 17:22:19 |
|