HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-3402

CVSS 7.5v3.1pub. 2020-07-02upd. 2024-11-21

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Cisco Unified Customer Voice Portal

    APP
    Cisco
    ≤ 12.5\(1\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2018-0139HIGH8.6ten sam produkt

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Cust...

CVE-2018-0086HIGH8.6ten sam produkt

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unau...

CVE-2017-12214HIGH8.8ten sam produkt

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset funct...

CVE-2013-1221HIGH10.0ten sam produkt

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 doe...

CVE-2013-1223HIGH7.8ten sam produkt

The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly vali...