Clear Text Authentication Vulnerability in Cisco Unified Contact Center Express
CVE-2017-6722

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Unified Contact Center Express
Vendor
CVE Published:
4 July 2017

Summary

A flaw exists in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express, which may permit an attacker to impersonate a legitimate user without authentication. This vulnerability can significantly compromise user account security by allowing unauthorized access to sensitive functions, potentially leading to data breaches and operational disruptions.

Affected Version(s)

Cisco Unified Contact Center Express Cisco Unified Contact Center Express

References

http://www.securityfocus.com/bid/99201
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038749
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.