ID

VAR-201705-3741


CVE

CVE-2017-6626


TITLE

Information disclosure vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise

Trust: 0.8

sources: JVNDB: JVNDB-2017-003772

DESCRIPTION

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc08314. Information may be obtained. Cisco Finesse is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCvc08314. This component provides intelligent contact routing, call processing, web-to-desktop computer telephony integration (CTI) and multi-channel contact management capabilities over an IP infrastructure.

Trust: 1.98

sources: NVD: CVE-2017-6626 // JVNDB: JVNDB-2017-003772 // BID: 98291 // VULHUB: VHN-114829

AFFECTED PRODUCTS

vendor: cisco, model: unified contact center enterprise, scope: eq, version: 11.6\(1\)

Trust: 1.6

vendor: cisco, model: unified contact center enterprise, scope: eq, version: 11.5\(1\)

Trust: 1.6

vendor: cisco, model: unified contact center enterprise, scope: eq, version: 11.5(1)

Trust: 0.8

vendor: cisco, model: unified contact center enterprise, scope: eq, version: 11.6(1)

Trust: 0.8

vendor: cisco, model: unified contact center enterprise, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: finesse, scope: eq, version: 11.6(1)

Trust: 0.3

vendor: cisco, model: finesse, scope: eq, version: 11.5(1)

Trust: 0.3

sources: BID: 98291 // JVNDB: JVNDB-2017-003772 // CNNVD: CNNVD-201705-204 // NVD: CVE-2017-6626

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6626
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6626
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-204
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114829
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6626
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114829
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6626
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114829 // JVNDB: JVNDB-2017-003772 // CNNVD: CNNVD-201705-204 // NVD: CVE-2017-6626

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-114829 // JVNDB: JVNDB-2017-003772 // NVD: CVE-2017-6626

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-204

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-204

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003772

PATCH

title: cisco-sa-20170503-finesse-ucce
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce

Trust: 0.8

title: Cisco Unified Contact Center Enterprise Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69834

Trust: 0.6

sources: JVNDB: JVNDB-2017-003772 // CNNVD: CNNVD-201705-204

EXTERNAL IDS

db: NVD, id: CVE-2017-6626

Trust: 2.8

db: BID, id: 98291

Trust: 1.4

db: SECTRACK, id: 1038396

Trust: 1.1

db: JVNDB, id: JVNDB-2017-003772

Trust: 0.8

db: CNNVD, id: CNNVD-201705-204

Trust: 0.7

db: NSFOCUS, id: 36617

Trust: 0.6

db: VULHUB, id: VHN-114829

Trust: 0.1

sources: VULHUB: VHN-114829 // BID: 98291 // JVNDB: JVNDB-2017-003772 // CNNVD: CNNVD-201705-204 // NVD: CVE-2017-6626

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-finesse-ucce

Trust: 2.0

url: http://www.securityfocus.com/bid/98291

Trust: 1.1

url: http://www.securitytracker.com/id/1038396

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6626

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6626

Trust: 0.8

url: http://www.nsfocus.net/vulndb/36617

Trust: 0.6

url: http://www.cisco.com/en/us/products/ps11324/index.html

Trust: 0.3

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114829 // BID: 98291 // JVNDB: JVNDB-2017-003772 // CNNVD: CNNVD-201705-204 // NVD: CVE-2017-6626

CREDITS

Cisco

Trust: 0.3

sources: BID: 98291

SOURCES

db: VULHUB, id: VHN-114829
db: BID, id: 98291
db: JVNDB, id: JVNDB-2017-003772
db: CNNVD, id: CNNVD-201705-204
db: NVD, id: CVE-2017-6626

LAST UPDATE DATE

2024-11-23T21:41:19.456000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114829, date: 2017-07-11T00:00:00
db: BID, id: 98291, date: 2017-05-18T16:18:00
db: JVNDB, id: JVNDB-2017-003772, date: 2017-06-07T00:00:00
db: CNNVD, id: CNNVD-201705-204, date: 2017-05-08T00:00:00
db: NVD, id: CVE-2017-6626, date: 2024-11-21T03:30:09.563

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114829, date: 2017-05-03T00:00:00
db: BID, id: 98291, date: 2017-05-03T00:00:00
db: JVNDB, id: JVNDB-2017-003772, date: 2017-06-07T00:00:00
db: CNNVD, id: CNNVD-201705-204, date: 2017-05-08T00:00:00
db: NVD, id: CVE-2017-6626, date: 2017-05-03T21:59:00.263