cvelistv5 - cve-2017-6722

CVE-2017-6722 (GCVE-0-2017-6722)

Vulnerability from cvelistv5

Published

2017-07-04 00:00

Modified

2024-08-05 15:41

Severity ?

CWE

Clear Text Authentication Vulnerability

Summary

References

URL

	Vendor	Product	Version
	n/a	Cisco Unified Contact Center Express	Version: Cisco Unified Contact Center Express

cnvd-2017-13827

Vulnerability from cnvd

Title

Cisco Unified Contact Center Express安全绕过漏洞

Description

Cisco Unified Contact Center Express是用于正式和非正式联络中心的单服务器、集成式联络中心。 Cisco Unified Contact Center Express (UCCx)的可扩展消息传递和到场协议(XMPP)服务存在安全绕过漏洞，未经身份验证的攻击者可利用该漏洞伪装成合法用户。

Severity

中

Patch Name

Cisco Unified Contact Center Express安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce

Reference

http://www.securityfocus.com/bid/99201

Impacted products

Name
Cisco Unified Contact Center Express 10.6(1)

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99201"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6722"
    }
  },
  "description": "Cisco Unified Contact Center Express\u662f\u7528\u4e8e\u6b63\u5f0f\u548c\u975e\u6b63\u5f0f\u8054\u7edc\u4e2d\u5fc3\u7684\u5355\u670d\u52a1\u5668\u3001\u96c6\u6210\u5f0f\u8054\u7edc\u4e2d\u5fc3\u3002\r\n\r\nCisco Unified Contact Center Express (UCCx)\u7684\u53ef\u6269\u5c55\u6d88\u606f\u4f20\u9012\u548c\u5230\u573a\u534f\u8bae(XMPP)\u670d\u52a1\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u88c5\u6210\u5408\u6cd5\u7528\u6237\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-13827",
  "openTime": "2017-07-11",
  "patchDescription": "Cisco Unified Contact Center Express\u662f\u7528\u4e8e\u6b63\u5f0f\u548c\u975e\u6b63\u5f0f\u8054\u7edc\u4e2d\u5fc3\u7684\u5355\u670d\u52a1\u5668\u3001\u96c6\u6210\u5f0f\u8054\u7edc\u4e2d\u5fc3\u3002\r\n\r\nCisco Unified Contact Center Express (UCCx)\u7684\u53ef\u6269\u5c55\u6d88\u606f\u4f20\u9012\u548c\u5230\u573a\u534f\u8bae(XMPP)\u670d\u52a1\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u88c5\u6210\u5408\u6cd5\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unified Contact Center Express\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Unified Contact Center Express 10.6(1)"
  },
  "referenceLink": "http://www.securityfocus.com/bid/99201",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-29",
  "title": "Cisco Unified Contact Center Express\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

gsd-2017-6722

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-6722

Aliases

CVE-2017-6722

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6722",
    "description": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61).",
    "id": "GSD-2017-6722"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6722"
      ],
      "details": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61).",
      "id": "GSD-2017-6722",
      "modified": "2023-12-13T01:21:09.509430Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-6722",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Unified Contact Center Express",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Unified Contact Center Express"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Clear Text Authentication Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99201",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99201"
          },
          {
            "name": "1038749",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038749"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:11.5.1su1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:11.5.1es01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6722"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"
            },
            {
              "name": "99201",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99201"
            },
            {
              "name": "1038749",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038749"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-07-07T14:58Z",
      "publishedDate": "2017-07-04T00:29Z"
    }
  }
}

fkie_cve-2017-6722

Vulnerability from fkie_nvd

Published

2017-07-04 00:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/99201	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1038749	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99201	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038749	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_contact_center_express	11.5\(1\)
cisco	unified_contact_center_express	11.5.1es01
cisco	unified_contact_center_express	11.5.1su1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "68236DFF-B60E-4209-B9B4-AC75D393A243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5.1es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2CEEC1B-272D-4C36-86C4-93B0D67C5038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5.1su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F24BD150-99E4-4EE2-81E0-D9589F6D825E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el servicio Extensible Messaging and Presence Protocol (XMPP) de Unified Contact Center Express (UCCx) de Cisco, podr\u00eda permitir a un atacante remoto no identificado hacerse pasar por un usuario leg\u00edtimo, tambi\u00e9n se conoce como una Vulnerabilidad de Autenticaci\u00f3n de Texto Sin Cifrar. M\u00e1s informaci\u00f3n: CSCuw86638. Versiones Afectadas Conocidas: 10.6(1). Versiones Fijas Conocidas: 11.5(1.10000.61)."
    }
  ],
  "id": "CVE-2017-6722",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-04T00:29:00.697",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99201"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038749"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-r8qw-7chv-8gcx

Vulnerability from github

Published

2022-05-17 02:35

Modified

2022-05-17 02:35

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6722"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-04T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61).",
  "id": "GHSA-r8qw-7chv-8gcx",
  "modified": "2022-05-17T02:35:50Z",
  "published": "2022-05-17T02:35:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6722"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99201"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038749"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61). Vendors have confirmed this vulnerability Bug ID CSCuw86638 It is released as.A remote attacker can impersonate a legitimate user. Successful exploits may allow an attacker to bypass certain security restrictions. This may allow the attacker to masquerade as a legitimate user, aiding in further attacks. This issue is tracked by Cisco Bug ID CSCuw86638. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control. There is a security vulnerability in XMPP in Cisco UCCx, which is caused by the program not properly handling insecure HTTP ports

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0895",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.5.1su1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.5.1es01"
      },
      {
        "model": "unified contact center express",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip interactive voice response",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(1)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(1)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.6(1)"
      },
      {
        "model": "unified contact center express",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.5(1.10000.61)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6722"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:unified_contact_center_express",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "99201"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6722",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-6722",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-114925",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-6722",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6722",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6722",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1017",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114925",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6722"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61). Vendors have confirmed this vulnerability Bug ID CSCuw86638 It is released as.A remote attacker can impersonate a legitimate user. \nSuccessful exploits may allow  an attacker to bypass certain security restrictions. This may allow the attacker to masquerade as a legitimate user, aiding in further attacks. \nThis issue is tracked by Cisco Bug ID CSCuw86638. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control. There is a security vulnerability in XMPP in Cisco UCCx, which is caused by the program not properly handling insecure HTTP ports",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "db": "BID",
        "id": "99201"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114925"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6722",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "99201",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038749",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "37054",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-114925",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114925"
      },
      {
        "db": "BID",
        "id": "99201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6722"
      }
    ]
  },
  "id": "VAR-201707-0895",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114925"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:12:57.870000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170621-ucce",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"
      },
      {
        "title": "Cisco Unified Contact Center Express Extensible Messaging and Presence Protocol Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73834"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6722"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-ucce"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99201"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038749"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6722"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6722"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37054"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114925"
      },
      {
        "db": "BID",
        "id": "99201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6722"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114925"
      },
      {
        "db": "BID",
        "id": "99201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6722"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114925"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "99201"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      },
      {
        "date": "2017-07-04T00:29:00.697000",
        "db": "NVD",
        "id": "CVE-2017-6722"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114925"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "99201"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      },
      {
        "date": "2017-09-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      },
      {
        "date": "2024-11-21T03:30:22.930000",
        "db": "NVD",
        "id": "CVE-2017-6722"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Contact Center Express of  Extensible Messaging and Presence Protocol Vulnerability in the service impersonating a legitimate user",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005315"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1017"
      }
    ],
    "trust": 0.6
  }
}

cisco-sa-20170621-ucce

Vulnerability from csaf_cisco

Published

2017-06-21 16:00

Modified

2017-06-21 16:00

Summary

Cisco Unified Contact Center Express Clear Text Authentication Vulnerability

Notes

Summary

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. The vulnerability is due to the XMPP service incorrectly processing an unsecured HTTP port for third-party, remote presence monitoring. A successful exploit could allow the attacker to access the system as another user. There are no workarounds that address this vulnerability.

Vulnerable Products

This vulnerability affects Cisco Unified Contact Center Express. For information about affected software releases, consult the Cisco bug ID(s) at the top of this advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this vulnerability.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

This vulnerability was found during internal security testing.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "This vulnerability was found during internal security testing."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user.\r\n\r\nThe vulnerability is due to the XMPP service incorrectly processing an unsecured HTTP port for third-party, remote presence monitoring. A successful exploit could allow the attacker to access the system as another user.\r\n\r\nThere are no workarounds that address this vulnerability.\r\n\r\n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "This vulnerability affects Cisco Unified Contact Center Express. For information about affected software releases, consult the Cisco bug ID(s) at the top of this advisory.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "No other Cisco products are currently known to be affected by this vulnerability.",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "This vulnerability was found during internal security testing.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco Unified Contact Center Express Clear Text Authentication Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories and Alerts page",
        "url": "https://www.cisco.com/go/psirt"
      }
    ],
    "title": "Cisco Unified Contact Center Express Clear Text Authentication Vulnerability",
    "tracking": {
      "current_release_date": "2017-06-21T16:00:00+00:00",
      "generator": {
        "date": "2024-03-28T20:27:44+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-20170621-ucce",
      "initial_release_date": "2017-06-21T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2017-06-20T14:51:09+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco Unified Contact Center Express",
            "product": {
              "name": "Cisco Unified Contact Center Express ",
              "product_id": "CSAFPID-92631"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6722",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCuw86638"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-92631"
        ]
      },
      "release_date": "2017-06-21T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-92631"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-92631"
          ]
        }
      ],
      "title": "Cisco Unified Contact Center Express Clear Text Authentication Vulnerability"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-6722 (GCVE-0-2017-6722)

Vulnerability from cvelistv5

cnvd-2017-13827

Vulnerability from cnvd

gsd-2017-6722

Vulnerability from gsd

fkie_cve-2017-6722

Vulnerability from fkie_nvd

ghsa-r8qw-7chv-8gcx

Vulnerability from github

var-201707-0895

Vulnerability from variot

cisco-sa-20170621-ucce

Vulnerability from csaf_cisco

Tags

Sightings

Nomenclature