SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VoIP)  >   Cisco Unified Customer Voice Portal Vendors:   Cisco
Cisco Unified Customer Voice Portal OAMP Password Reset Bug Lets Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1039411
SecurityTracker URL:  http://securitytracker.com/id/1039411
CVE Reference:   CVE-2017-12214   (Links to External Site)
Date:  Sep 21 2017
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.5, 11.0, 11.5
Description:   A vulnerability was reported in Cisco Unified Customer Voice Portal. A remote authenticated user can gain elevated privileges.

A remote authenticated user can send a specially crafted HTTP request to exploit a flaw in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset function to gain administrator privileges on the target system.

The vendor has assigned bug ID CSCve92752 to this vulnerability.

Impact:   A remote authenticated user can gain administrator privileges on the target system.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC