QID 317342

QID 317342: Cisco Unified Contact Center Express Finesse Portal Web Cache Poisoning Vulnerability (cisco-sa-uccx-wcp-JJeqDT3S)

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device.

Vulnerable releases:
Prior to 12.5(1)SU03 ES02

QID Detection Logic(Authenticated):
It checks for vulnerable OS version of Cisco Unified Contact Center Express.

A successful exploit could allow the attacker to cause the internal WebProxy to redirect users to an attacker-controlled host.

CVSS V3 rated as Medium - 5.3 severity.

CVSS V2 rated as Medium - 4.3 severity.

Solution

Customers are advised to refer to cisco-sa-uccx-wcp-JJeqDT3S for more information.

Vendor References

cisco-sa-uccx-wcp-JJeqDT3S - sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-wcp-JJeqDT3S

CVEs related to QID 317342

CVE-2023-20232 |

Software Advisories

Advisory ID	Software	Component	Link
cisco-sa-uccx-wcp-JJeqDT3S			sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-wcp-JJeqDT3S

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].