The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Unified Contact Center Express

vulnerability CVE-2013-1214

Cisco Unified Contact Center Express: reading scripts

Synthesis of the vulnerability

An unauthenticated attacker can read scripts of Cisco Unified Contact Center Express, in order to obtain sensitive information.
Impacted products: Cisco Unified CCX.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 22/04/2013.
Identifiers: BID-59358, CSCuf77546, CVE-2013-1214, VIGILANCE-VUL-12700.

Description of the vulnerability

The Cisco Unified Contact Center Express product uses a repository to store scripts.

However, anonymous users can read the content of this repository.

An unauthenticated attacker can therefore read scripts of Cisco Unified Contact Center Express, in order to obtain sensitive information.

computer vulnerability announcement CVE-2011-2583

Cisco Unified Contact Center: denial of service

Synthesis of the vulnerability

An attacker can use network data, in order to create a denial of service on Cisco Unified Contact Center.
Impacted products: Cisco Unified CCX.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 09/05/2012.
Identifiers: CSCth33834, CVE-2011-2583, VIGILANCE-VUL-11607.

Description of the vulnerability

An attacker can use network data, in order to create a denial of service on Cisco Unified Contact Center.

vulnerability CVE-2011-3315

Cisco Unified Communications Manager, Contact Center Express: file reading

Synthesis of the vulnerability

A remote unauthenticated attacker can use the web interface of Cisco Unified Communications Manager and Cisco Unified Contact Center Express, in order to read a file on the system.
Impacted products: Cisco CUCM, Cisco Unified CCX.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 27/10/2011.
Revision date: 08/11/2011.
Identifiers: BID-50372, CERTA-2011-AVI-601, cisco-sa-20111026-cucm, cisco-sa-20111026-uccx, CSCth09343, CSCts44049, CVE-2011-3315, DDIVRT-2011-35, VIGILANCE-VUL-11100.

Description of the vulnerability

Cisco Unified Communications Manager offers a web interface listening on port 8080/tcp. Cisco Unified Contact Center Express offers a web interface listening on ports 8080/tcp and 9080/tcp.

However, these web interfaces do not correctly filter queries containing sequences like "../../", so an attacker can traverse the directory path in order to read a file located outside the root directory of the product.

A remote unauthenticated attacker can therefore use the web interface of Cisco Unified Communications Manager and Cisco Unified Contact Center Express, in order to read a file on the system.

computer vulnerability bulletin CVE-2010-1570 CVE-2010-1571

Cisco Unified Contact Center Express: two vulnerabilities

Synthesis of the vulnerability

An attacker can generate a denial of service or read a file via Cisco Unified Contact Center Express.
Impacted products: Cisco Unified CCX.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/06/2010.
Identifiers: 111897, 111998, BID-40680, BID-40684, CERTA-2010-AVI-256, cisco-amb-20100609-uccx, cisco-sa-20100609-uccx, CSCso89629, CSCsx76165, CVE-2010-1570, CVE-2010-1571, VIGILANCE-VUL-9698.

Description of the vulnerability

Two vulnerabilities were announced in Cisco Unified Contact Center Express.

When ICD (Integrated Call Distribution) is enabled, the CTI (Computer Telephony Integration) server listens on port 42027/tcp. An attacker can send a malformed CTI message, in order to restart the CTI server. [severity:3/4; BID-40684, CERTA-2010-AVI-256, CSCso89629, CVE-2010-1570]

An attacker can send a Bootstrap message to port 6295/tcp, in order to read a file from the system. [severity:3/4; BID-40680, CSCsx76165, CVE-2010-1571]

An attacker can therefore generate a denial of service or read a file via Cisco Unified Contact Center Express.