The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Unified CCX

vulnerability note CVE-2019-12633

Cisco Unified Contact Center Express: code execution via SSRF

Synthesis of the vulnerability

An attacker can exploit an SSRF vulnerability in Cisco Unified Contact Center Express, in order to run code.
Severity: 2/4.
Creation date: 05/09/2019.
Identifiers: cisco-sa-20190904-unified-ccx-ssrf, CSCvp65375, CVE-2019-12633, VIGILANCE-VUL-30248.

Description of the vulnerability

An attacker can exploit an SSRF vulnerability in Cisco Unified Contact Center Express, in order to run code.

weakness alert CVE-2019-12626

Cisco Unified Contact Center Express: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Unified Contact Center Express, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 22/08/2019.
Identifiers: CERTFR-2019-AVI-410, cisco-sa-20190821-ccx-xss, CSCvp83906, CVE-2019-12626, VIGILANCE-VUL-30127.

Description of the vulnerability

The Cisco Unified Contact Center Express product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Unified Contact Center Express, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-5391

Linux kernel: denial of service via FragmentSmack

Synthesis of the vulnerability

An attacker can cause a fatal error in the Linux kernel via FragmentSmack, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 16/08/2018.
Identifiers: ADV180022, CERTFR-2018-AVI-390, CERTFR-2018-AVI-392, CERTFR-2018-AVI-419, CERTFR-2018-AVI-457, CERTFR-2018-AVI-478, CERTFR-2018-AVI-533, CERTFR-2019-AVI-233, CERTFR-2019-AVI-242, cisco-sa-20180824-linux-ip-fragment, CVE-2018-5391, DLA-1466-1, DLA-1529-1, DSA-2019-062, DSA-4272-1, FragmentSmack, JSA10917, K74374841, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2019:0274-1, PAN-SA-2018-0012, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, RHSA-2018:3459-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, sk134253, SUSE-SU-2018:2344-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2596-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:1289-1, SYMSA1467, Synology-SA-18:44, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, VIGILANCE-VUL-27009, VU#641765.

Description of the vulnerability

An attacker can cause a fatal error in the Linux kernel via FragmentSmack, in order to trigger a denial of service.

computer weakness bulletin CVE-2018-0400 CVE-2018-0401 CVE-2018-0402

Cisco Unified Contact Center Express: four vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Cisco Unified Contact Center Express.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 19/07/2018.
Identifiers: CERTFR-2018-AVI-352, cisco-sa-20180718-uccx, CSCvg70904, CSCvg70921, CSCvg70967, CSCvg71040, CVE-2018-0400, CVE-2018-0401, CVE-2018-0402, CVE-2018-0403, VIGILANCE-VUL-26801.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Cisco Unified Contact Center Express.

weakness alert CVE-2017-6779

Cisco: denial of service via Log File Size

Synthesis of the vulnerability

An attacker can generate a fatal error via Log File Size of Cisco, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-diskdos, CVE-2017-6779, VIGILANCE-VUL-26343.

Description of the vulnerability

An attacker can generate a fatal error via Log File Size of Cisco, in order to trigger a denial of service.

security announce CVE-2017-12288

Cisco Unified Contact Center Express: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Unified Contact Center Express, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 19/10/2017.
Identifiers: CERTFR-2017-AVI-372, cisco-sa-20171018-ucce, CSCvf09173, CVE-2017-12288, VIGILANCE-VUL-24185.

Description of the vulnerability

The Cisco Unified Contact Center Express product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Unified Contact Center Express, in order to run JavaScript code in the context of the web site.

security note CVE-2017-6722

Cisco Unified Contact Center Express: privilege escalation via XMPP

Synthesis of the vulnerability

An attacker can bypass restrictions via XMPP in Cisco Unified Contact Center Express, in order to escalate privileges.
Severity: 2/4.
Creation date: 22/06/2017.
Identifiers: CERTFR-2017-AVI-191, cisco-sa-20170621-ucce, CSCuw86638, CVE-2017-6722, VIGILANCE-VUL-23066.

Description of the vulnerability

An attacker can bypass restrictions via XMPP in Cisco Unified Contact Center Express, in order to escalate privileges.

weakness bulletin CVE-2017-5638

Apache Struts: code execution via Jakarta Multipart CD/CL

Synthesis of the vulnerability

An attacker can use a malicious Content-Disposition/Content-Length header on Apache Struts with Jakarta Multipart installed, in order to run code.
Severity: 4/4.
Creation date: 20/03/2017.
Identifiers: 498123, CERTFR-2017-ALE-004, cisco-sa-20170310-struts2, cpuapr2017, cpujul2017, CVE-2017-5638, ESA-2017-042, S2-045, S2-046, VIGILANCE-VUL-22190.

Description of the vulnerability

The Apache Struts product can be configured to use the Multipart parser of Jakarta.

The HTTP Content-Type header can contain the multipart/form-data MIME type to indicate form data. In this case, the Multipart parser of Jakarta is called.

When the Multipart parser of Jakarta is used, and when the Content-Disposition or Content-Length header contains a malformed value, an exception occurs, and the header content is interpreted during the display.

An attacker can therefore use a malicious Content-Disposition/Content-Length header on Apache Struts with Jakarta Multipart installed, in order to run code.

vulnerability alert CVE-2017-5638

Apache Struts: code execution via Jakarta Multipart CT

Synthesis of the vulnerability

An attacker can use a malicious Content-Type header on Apache Struts with Jakarta Multipart installed, in order to run code.
Severity: 4/4.
Creation date: 08/03/2017.
Revision date: 14/03/2017.
Identifiers: 498123, CERTFR-2017-ALE-004, CERTFR-2017-AVI-071, cisco-sa-20170310-struts2, cpuapr2017, cpujul2017, CVE-2017-5638, ESA-2017-042, S2-045, S2-046, VIGILANCE-VUL-22047, VMSA-2017-0004, VMSA-2017-0004.6, VU#834067.

Description of the vulnerability

The Apache Struts product can be configured to use the Multipart parser of Jakarta.

The HTTP Content-Type header can contain the multipart/form-data MIME type to indicate form data. In this case, the Multipart parser of Jakarta is called.

When the Multipart parser of Jakarta is used, and when the Content-Type header contains a malformed multipart/form-data header, an exception occurs, and the header content is interpreted during the display.

An attacker can therefore use a malicious Content-Type header on Apache Struts with Jakarta Multipart installed, in order to run code.

computer weakness CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in OpenSSL 1.1.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpuapr2019, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]