Cisco Unified Customer Voice Portal Multiple Vulnerabilities

Last Update Date: 9 May 2013 10:05 Release Date: 9 May 2013 3950 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities has been identified in Cisco Unified Customer Voice Portal. A remote user can execute arbitrary applications on the target system, cause denial of service conditions, view and modify files on the target system, and gain administrator access.

  1. A remote user can send a specially crafted SIP INVITE message to trigger a flaw in the the CallServer component and cause the system to not accept new calls.
  2. A remote user can exploit a flaw in the Tomcat web application to gain administrator access.
  3. A remote user can exploit a flaw in the Tomcat web application to execute unauthorized user-supplied web applications.
  4. A remote user can exploit a parameter validation and file access flaw in the log viewer to view arbitrary system files.
  5. A remote user can exploit a parameter validation path traversal flaw in Resource Manager component to overwrite system files.
  6. A remote user can exploit an XML entity expansion flaw to view arbitrary system files.

Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • prior to 9.0.1 ES 11

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability

8 May 2013 4200 Views

Next

Adobe ColdFusion "filename" Arbitrary File Disclosure Vulnerability

10 May 2013 4083 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY