Credential Reset Vulnerability in Cisco Unified Customer Voice Portal
CVE-2017-12214
8.8HIGH
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 21 September 2017
What is CVE-2017-12214?
A vulnerability exists in the credential reset functionality of the Operations, Administration, Maintenance, and Provisioning (OAMP) for Cisco Unified Customer Voice Portal (CVP). This flaw arises from inadequate input validation, allowing an authenticated remote attacker to send a specially crafted HTTP request that can result in elevated privileges. By authenticating to the OAMP, an attacker can exploit this vulnerability to gain administrator access to the system, thereby compromising its integrity and control.
Affected Version(s)
Cisco Unified Customer Voice Portal Cisco Unified Customer Voice Portal