Vulnerability-Lookup - Search a vulnerability

Version: N/A

Cisco	Cisco Unified Contact Center Express	Version: N/A
Cisco	Cisco Finesse	Version: 12.6(2) Version: 12.6(2)ES1 Version: 12.6(2)ES2
Cisco	Cisco Packaged Contact Center Enterprise	Version: N/A

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-07T17:17:33.480316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-07T17:17:41.695Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Finesse",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES1"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES2"
            }
          ]
        },
        {
          "product": "Cisco Packaged Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. \r\n\r This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-05T16:15:22.185Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
        }
      ],
      "source": {
        "advisory": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
        "defects": [
          "CSCwh95276"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20405",
    "datePublished": "2024-06-05T16:15:22.185Z",
    "dateReserved": "2023-11-08T15:08:07.661Z",
    "dateUpdated": "2024-08-01T21:59:42.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20253

Vulnerability from cvelistv5

Published

2024-01-26 17:28

Modified

2024-08-01 21:52

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

Summary

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm

Impacted products

Vendor

Product

Version

▼

Version: N/A

Cisco	Cisco Unity Connection	Version: 12.0(1)SU1 Version: 12.0(1)SU2 Version: 12.0(1)SU3 Version: 12.0(1)SU4 Version: 12.0(1)SU5 Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 12.5(1)SU5 Version: 12.5(1)SU6 Version: 12.5(1)SU7 Version: 14 Version: 14SU1 Version: 14SU2
Cisco	Cisco Unified Communications Manager	Version: 12.0(1)SU1 Version: 12.0(1)SU2 Version: 12.0(1)SU3 Version: 12.0(1)SU4 Version: 12.0(1)SU5 Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 12.5(1)SU5 Version: 12.5(1)SU6 Version: 12.5(1)SU7 Version: 12.5(1)SU7a Version: 14 Version: 14SU1 Version: 14SU2
Cisco	Cisco Unified Contact Center Express	Version: 8.5(1) Version: 9.0(2)SU3ES04 Version: 10.0(1)SU1 Version: 10.0(1)SU1ES04 Version: 10.5(1) Version: 10.5(1)SU1 Version: 10.5(1)SU1ES10 Version: 10.6(1) Version: 10.6(1)SU1 Version: 10.6(1)SU3 Version: 10.6(1)SU2 Version: 10.6(1)SU3ES03 Version: 10.6(1)SU2ES04 Version: 10.6(1)SU3ES02 Version: 10.6(1)SU3ES01 Version: 11.0(1)SU1 Version: 11.0(1)SU1ES03 Version: 11.0(1)SU1ES02 Version: 11.5(1)SU1 Version: 11.5(1)SU1ES02 Version: 11.5(1)SU1ES01 Version: 11.5(1)SU1ES03 Version: 11.5(1)ES01 Version: 12.0(1) Version: 12.0(1)ES01 Version: 12.0(1)ES03 Version: 12.0(1)ES04 Version: 12.0(1)ES02 Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)_SU01_ES03 Version: 12.5(1)ES03 Version: 12.5(1)_SU01_ES01 Version: 12.5(1)_SU02_ES02 Version: 12.5(1)_SU01_ES02 Version: 12.5(1)_SU02_ES03 Version: 12.5(1)ES01 Version: 12.5(1)_SU02_ES01 Version: 12.5(1)ES02 Version: 12.5(1)_SU03_ES01 Version: 12.5(1)_SU02_ES04 Version: 12.5(1)_SU03_ES02 Version: 12.5(1)_SU03_ES03 Version: 12.5(1)_SU03_ES04 Version: 11.6(1) Version: 11.6(2) Version: 11.6(1)ES01 Version: 11.6(2)ES06 Version: 11.6(1)ES02 Version: 11.6(2)ES01 Version: 11.6(2)ES03 Version: 11.6(2)ES07 Version: 11.6(2)ES08 Version: 11.6(2)ES02 Version: 11.6(2)ES05 Version: 11.6(2)ES04
Cisco	Cisco Unified Communications Manager IM and Presence Service	Version: 10.5(1) Version: 10.5(2) Version: 10.5(2a) Version: 10.5(2b) Version: 10.5(2)SU3 Version: 10.5(2)SU2a Version: 10.5(2)SU4a Version: 10.5(2)SU4 Version: 10.5(1)SU3 Version: 10.5(1)SU1 Version: 10.5(2)SU1 Version: 10.5(2)SU2 Version: 10.5(1)SU2 Version: 11.5(1) Version: 11.5(1)SU1 Version: 11.5(1)SU2 Version: 11.5(1)SU3 Version: 11.5(1)SU3a Version: 11.5(1)SU4 Version: 11.5(1)SU5 Version: 11.5(1)SU5a Version: 11.5(1)SU6 Version: 11.5(1)SU7 Version: 11.5(1)SU8 Version: 11.5(1)SU9 Version: 11.5(1)SU10 Version: 11.5(1)SU11 Version: 11.0(1) Version: 11.0(1)SU1 Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 12.5(1)SU5 Version: 12.5(1)SU6 Version: 12.5(1)SU7 Version: 14 Version: 14SU1 Version: 14SU2 Version: 14SU2a Version: 10.0(1) Version: 10.0(1)SU1 Version: 10.0(1)SU2
Cisco	Cisco Virtualized Voice Browser	Version: 11.0(1) Version: 11.5(1) Version: 11.5(1)ES29 Version: 11.5(1)ES32 Version: 11.5(1)_ES43 Version: 11.5(1)_ES54 Version: 11.5(1)_ES27 Version: 11.5(1)ES36 Version: 11.5(1)_ES32 Version: 11.5(1)_ES29 Version: 11.5(1)_ES36 Version: 11.5(1)ES43 Version: 11.5(1)_ES53 Version: 11.5(1)ES27 Version: 11.6(1) Version: 11.6(1)_ES82 Version: 11.6(1)_ES22 Version: 11.6(1)_ES81 Version: 11.6(1)_ES87 Version: 11.6(1)_ES84 Version: 11.6(1)_ES85 Version: 11.6(1)_ES83 Version: 11.6(1)_ES80 Version: 11.6(1)_ES86 Version: 11.6(1)_ES88 Version: 12.5(1)_ES04 Version: 12.5(1)_ES07 Version: 12.5(1)_ES02 Version: 12.5(1) Version: 12.5(1)_ES08 Version: 12.5(1)_ES03 Version: 12.5(1)_ES06 Version: 12.5(1)_ES09 Version: 12.5(1)_ES14 Version: 12.5(1)SU Version: 12.5(1)_ES15 Version: 12.5(1)_SU Version: 12.5(1)_SU_ES01 Version: 12.5(1)_ES11 Version: 12.5(1)_ES12 Version: 12.5(2)_ET Version: 12.5(1)_SU_ES02 Version: 12.5(1)_ES10 Version: 12.0(1) Version: 12.0(1)_ES02 Version: 12.0(1)_ES01 Version: 12.0(1)_ES06 Version: 12.0(1)_ES07 Version: 12.0(1)_ES05 Version: 12.0(1)_ES04 Version: 12.0(1)_ES03 Version: 12.0(1)_ES08 Version: 12.6(1) Version: 12.6(1)_ES04 Version: 12.6(1)_ES03 Version: 12.6(1)_ES09 Version: 12.6(1)_ES06 Version: 12.6(1)_ES08 Version: 12.6(1)_ES05 Version: 12.6(2)_ES03 Version: 12.6(1)_ES02 Version: 12.6(1)_ES01 Version: 12.6(2) Version: 12.6(2)_ET01 Version: 12.6(2)_ES02 Version: 12.6(2)_ES01 Version: 12.6(1)_ES07
Cisco	Cisco Packaged Contact Center Enterprise	Version: 10.5(1) Version: 10.5(2) Version: 10.5(1)_ES7 Version: 10.5(2)_ES8 Version: 11.0(1) Version: 11.0(2) Version: 11.5(1) Version: 11.6(1) Version: 11.6(2) Version: 12.0(1) Version: 12.5(1) Version: 12.5(2) Version: 12.6(1) Version: 12.6(2)
Cisco	Cisco Unified Communications Manager / Cisco Unity Connection	Version: 10.5(2)SU10 Version: 10.5(1) Version: 10.5(1)SU1 Version: 10.5(1)SU1a Version: 10.5(2) Version: 10.5(2)SU1 Version: 10.5(2)SU2 Version: 10.5(2)SU3 Version: 10.5(2)SU4 Version: 10.5(2)SU5 Version: 10.5(2)SU6 Version: 10.5(2)SU7 Version: 10.5(2)SU8 Version: 10.5(2)SU9 Version: 10.5(2)SU2a Version: 10.5(2)SU3a Version: 10.5(2)SU4a Version: 10.5(2)SU6a Version: 11.0(1) Version: 11.0(1a) Version: 11.0(1a)SU1 Version: 11.0(1a)SU2 Version: 11.0(1a)SU3 Version: 11.0(1a)SU3a Version: 11.0(1a)SU4 Version: 11.0.1 Version: 11.0.2 Version: 11.0.5 Version: 11.5(1) Version: 11.5(1)SU1 Version: 11.5(1)SU2 Version: 11.5(1)SU3 Version: 11.5(1)SU3a Version: 11.5(1)SU3b Version: 11.5(1)SU4 Version: 11.5(1)SU5 Version: 11.5(1)SU6 Version: 11.5(1)SU7 Version: 11.5(1)SU8 Version: 11.5(1)SU9 Version: 11.5(1)SU10 Version: 11.5(1)SU11 Version: 10.0(1)SU2 Version: 10.0(1) Version: 10.0(1)SU1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-cucm-rce-bWNzQcUm",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Unity Connection",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU4"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU5"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "14SU2"
            }
          ]
        },
        {
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU4"
            },
            {
              "status": "affected",
              "version": "12.0(1)SU5"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7a"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "14SU2"
            }
          ]
        },
        {
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "9.0(2)SU3ES04"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1ES04"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            }
          ]
        },
        {
          "product": "Cisco Unified Communications Manager IM and Presence Service",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "10.5(2)"
            },
            {
              "status": "affected",
              "version": "10.5(2a)"
            },
            {
              "status": "affected",
              "version": "10.5(2b)"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU3"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2a"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4a"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3a"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU5a"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU9"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU10"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU11"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "14SU2a"
            },
            {
              "status": "affected",
              "version": "10.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU2"
            }
          ]
        },
        {
          "product": "Cisco Virtualized Voice Browser",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES29"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES32"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES43"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES54"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES27"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES36"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES32"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES29"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES36"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES43"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES53"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES27"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES82"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES22"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES81"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES87"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES84"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES85"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES83"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES80"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES86"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES88"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES07"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES09"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES15"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES11"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES12"
            },
            {
              "status": "affected",
              "version": "12.5(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES10"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES06"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES07"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES04"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES08"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES04"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES03"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES09"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES06"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES08"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES03"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES01"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET01"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES01"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES07"
            }
          ]
        },
        {
          "product": "Cisco Packaged Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "10.5(2)"
            },
            {
              "status": "affected",
              "version": "10.5(1)_ES7"
            },
            {
              "status": "affected",
              "version": "10.5(2)_ES8"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            }
          ]
        },
        {
          "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.5(2)SU10"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1a"
            },
            {
              "status": "affected",
              "version": "10.5(2)"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU3"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU5"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU6"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU7"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU8"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU9"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2a"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU3a"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4a"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU6a"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1a)"
            },
            {
              "status": "affected",
              "version": "11.0(1a)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1a)SU2"
            },
            {
              "status": "affected",
              "version": "11.0(1a)SU3"
            },
            {
              "status": "affected",
              "version": "11.0(1a)SU3a"
            },
            {
              "status": "affected",
              "version": "11.0(1a)SU4"
            },
            {
              "status": "affected",
              "version": "11.0.1"
            },
            {
              "status": "affected",
              "version": "11.0.2"
            },
            {
              "status": "affected",
              "version": "11.0.5"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3a"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3b"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU9"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU10"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU11"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "Deserialization of Untrusted Data",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-02T15:42:33.881Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cucm-rce-bWNzQcUm",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cucm-rce-bWNzQcUm",
        "defects": [
          "CSCwe18830",
          "CSCwe18773",
          "CSCwe18840",
          "CSCwd64292",
          "CSCwd64245",
          "CSCwd64276"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20253",
    "datePublished": "2024-01-26T17:28:30.761Z",
    "dateReserved": "2023-11-08T15:08:07.622Z",
    "dateUpdated": "2024-08-01T21:52:31.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20058

Vulnerability from cvelistv5

Published

2023-01-19 01:38

Modified

2024-10-25 16:04

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX

Impacted products

Vendor

Product

Version

▼

Version: N/A

Cisco	Cisco Unified Contact Center Express	Version: 11.0(1)SU1 Version: 12.0(1) Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 11.6(1) Version: 11.6(2)
Cisco	Cisco Unified Intelligence Center	Version: 11.0(1) Version: 11.5(1) Version: 11.6(1) Version: 12.0(1) Version: 12.5(1) Version: 12.5(1)SU Version: 12.6(1)
Cisco	Cisco Packaged Contact Center Enterprise	Version: 11.6(1) Version: 11.6(2) Version: 12.0(1) Version: 12.5(1) Version: 12.5(2) Version: 12.6(1)

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-cuis-xss-Omm8jyBX",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20058",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:36:44.382026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:04:17.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            }
          ]
        },
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            }
          ]
        },
        {
          "product": "Cisco Packaged Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "format": "cvssV3_0"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:39.867Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cuis-xss-Omm8jyBX",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuis-xss-Omm8jyBX",
        "defects": [
          "CSCwc84104"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20058",
    "datePublished": "2023-01-19T01:38:26.055Z",
    "dateReserved": "2022-10-27T18:47:50.320Z",
    "dateUpdated": "2024-10-25T16:04:17.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20088

Vulnerability from cvelistv5

Published

2023-03-03 00:00

Modified

2024-10-28 16:33

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-proxy-dos-vY5dQhrV	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.873Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230301 Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-proxy-dos-vY5dQhrV"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T16:24:42.580466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T16:33:23.491Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Enterprise ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-03T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230301 Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-proxy-dos-vY5dQhrV"
        }
      ],
      "source": {
        "advisory": "cisco-sa-finesse-proxy-dos-vY5dQhrV",
        "defect": [
          [
            "CSCwd67008"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20088",
    "datePublished": "2023-03-03T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-28T16:33:23.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3163

Vulnerability from cvelistv5

Published

2020-02-19 19:15

Modified

2024-11-15 17:41

Severity ?

6.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

Cisco Unified Contact Center Enterprise Denial of Service Vulnerability

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-tip-dos-7cdLUASb	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Version: unspecified < n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200219 Cisco Unified Contact Center Enterprise Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-tip-dos-7cdLUASb"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3163",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:29:26.377598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:41:23.997Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "n/a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-19T19:15:22",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200219 Cisco Unified Contact Center Enterprise Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-tip-dos-7cdLUASb"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucce-tip-dos-7cdLUASb",
        "defect": [
          [
            "CSCvq16162"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Contact Center Enterprise Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-02-19T16:00:00-0800",
          "ID": "CVE-2020-3163",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Unified Contact Center Enterprise Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Contact Center Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.8",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200219 Cisco Unified Contact Center Enterprise Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-tip-dos-7cdLUASb"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ucce-tip-dos-7cdLUASb",
          "defect": [
            [
              "CSCvq16162"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3163",
    "datePublished": "2020-02-19T19:15:22.854219Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:41:23.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20404

Vulnerability from cvelistv5

Published

2024-06-05 16:14

Modified

2024-08-01 21:59

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device.

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew

Impacted products

Vendor

Product

Version

▼

Version: N/A

Cisco	Cisco Unified Contact Center Express	Version: N/A
Cisco	Cisco Finesse	Version: 12.6(2) Version: 12.6(2)ES1 Version: 12.6(2)ES2
Cisco	Cisco Packaged Contact Center Enterprise	Version: N/A

Show details on NVD website