Credential Reset Vulnerability in Cisco Unified Customer Voice Portal
CVE-2017-12214
8.8HIGH
Key Information:
- Vendor
- Cisco
- Vendor
- CVE Published:
- 21 September 2017
Summary
A vulnerability exists in the credential reset functionality of the Operations, Administration, Maintenance, and Provisioning (OAMP) for Cisco Unified Customer Voice Portal (CVP). This flaw arises from inadequate input validation, allowing an authenticated remote attacker to send a specially crafted HTTP request that can result in elevated privileges. By authenticating to the OAMP, an attacker can exploit this vulnerability to gain administrator access to the system, thereby compromising its integrity and control.
Affected Version(s)
Cisco Unified Customer Voice Portal Cisco Unified Customer Voice Portal
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved