Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2022-00543

Опубликовано: 12 янв. 2022
Источник: fstec
CVSS3: 9.6
CVSS2: 8.5
EPSS Низкий

Описание

Уязвимость веб-интерфейса управления программных средств управления контакт-центром Cisco Unified Contact Center Management Portal (Unified CCMP) и Cisco Unified Contact Center Domain Manager (Unified CCDM) связана с реализацией функций безопасности на стороне клиента. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии путем отправки специально созданного HTTP-запроса

Вендор

Cisco Systems Inc.

Наименование ПО

Cisco Unified Contact Center Management Portal (Unified CCMP)
Cisco Unified Contact Center Domain Manager (Unified CCDM)

Версия ПО

до 11.6.1 ES17 (Cisco Unified Contact Center Management Portal (Unified CCMP))
от 12.0.1 до 12.0.1 ES5 (Cisco Unified Contact Center Management Portal (Unified CCMP))
от 12.5.1 до 12.5.1 ES5 (Cisco Unified Contact Center Management Portal (Unified CCMP))
до 11.6.1 ES17 (Cisco Unified Contact Center Domain Manager (Unified CCDM))
от 12.0.1 до 12.0.1 ES5 (Cisco Unified Contact Center Domain Manager (Unified CCDM))
от 12.5.1 до 12.5.1 ES5 (Cisco Unified Contact Center Domain Manager (Unified CCDM))

Тип ПО

Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 8,5)
Критический уровень опасности (базовая оценка CVSS 3.0 составляет 9,3)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 50%
0.00264
Низкий

9.6 Critical

CVSS3

8.5 High

CVSS2

Связанные уязвимости

nvd логотип

CVE-2022-20658

CVSS3: 9.6
nvd
около 4 лет назад

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.

github логотип

GHSA-862p-mjj9-4wcq

github
около 4 лет назад

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.

EPSS

Процентиль: 50%
0.00264
Низкий

9.6 Critical

CVSS3

8.5 High

CVSS2