XMPP Unauthorized Access in Cisco Finesse Desktop and Unified Contact Center Express
CVE-2016-1307

5.4MEDIUM

Key Information:

Vendor

Zyxel
Status
Gs1900-10HP Firmware
Keymouse Firmware
Vendor
CVE Published:
7 February 2016

What is CVE-2016-1307?

The Cisco Finesse Desktop and Unified Contact Center Express applications are susceptible to unauthorized access due to a hardcoded account within the Openfire server. This security flaw allows remote attackers to exploit XMPP sessions, posing risks to sensitive data and system integrity. It is imperative for users to apply recommended security updates to mitigate potential threats and enhance overall system security.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1034921
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1034920
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.