- Description
- A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- unified_contact_center_express
CVSS 3.1
- Type
- Primary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF18C21-6E70-4748-99FA-884754F44D1A",
"versionEndExcluding": "12.5\\(1\\)_su03_es07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "124C88AE-ED0C-4CBC-A84D-200EDB776C8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]