CiscoCISCO-SA-CVP-INFO-DISLOSURE-NZBEWJ9VCisco Unified Customer Voice Portal Information Disclosure Vulnerability
0.004 Low
EPSS
Percentile
74.1%
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.
There are workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-info-dislosure-NZBEwj9V [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-info-dislosure-NZBEwj9V”]
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco unified ip interactive voice response (ivr) | eq | any | |
| cisco unified ip interactive voice response (ivr) | eq | any |
Related
