SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Cisco Finesse Vendors:   Cisco
Cisco Finesse XMPP Default User Account Lets Remote Users Access the Target System
SecurityTracker Alert ID:  1034920
SecurityTracker URL:  http://securitytracker.com/id/1034920
CVE Reference:   CVE-2016-1307   (Links to External Site)
Date:  Feb 3 2016
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.5(1), 11.0(1)
Description:   A vulnerability was reported in Cisco Finesse. A remote user can gain access to the target system.

A remote user can use a default user account and static password to connect via Extensible Messaging and Presence Protocol (XMPP) to the target system.

The default user account is created during installation. The account password cannot be changed.

The vendor has assigned bug IDs CSCuw79085 and CSCuw86638 to this vulnerability.

Impact:   A remote user can gain access to the target system.
Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC