File Reading Vulnerability in Cisco Unified Customer Voice Portal Software
CVE-2013-1223

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Customer Voice Portal
Vendor: CVE Published:; 9 May 2013

Summary

The log viewer component of Cisco Unified Customer Voice Portal Software prior to version 9.0.1 ES 11 features an insufficient validation of an unspecified parameter, enabling remote attackers to gain access to arbitrary files. This can be achieved through specially crafted HTTP or HTTPS requests, potentially leading to the exposure of sensitive information stored on the server. Proper input validation and security practices are essential to mitigate this vulnerability.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 9, 2013