Vulnslist

find the latest Cisco vulnerabilities

Vulnerabilities in Unified Contact Center Express Administration Pages

cisco-sa-20090715-uccx · Critical · Published · Updated

Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack. Cisco has released free software updates that address these two vulnerabilities in the latest version of Cisco Unified CCX software. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090715-uccx.

Workarounds

No workaround information imported yet.

CVEs: CVE-2009-2047, CVE-2009-2048
Cisco Bug IDs: NA
CVSS Score: Base 5.5
Base 5.5 AV:N/AC:L/Au:S/C:N/I:P/A:P/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Base 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Unified Contact Center Express, Cisco Unified IP Interactive Voice Response

CSAF Product Statuses

| Product | Status | Source | CVE | Rows |
| --- | --- | --- | --- | --- |
| Cisco Unified Contact Center Express | known_affected | cisco_csaf | CVE-2009-2047, CVE-2009-2048 | 2 |
| Cisco Unified IP Interactive Voice Response | known_affected | cisco_csaf | CVE-2009-2047, CVE-2009-2048 | 2 |

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Unified Contact Center | CVE-2009-2047 | Cisco OpenVuln |
| Cisco Unified Contact Center Express | CVE-2009-2047 | Cisco OpenVuln |
| Cisco Unified IP Interactive Voice Response | CVE-2009-2047 | Cisco OpenVuln |
| Cisco Unified IP IVR | CVE-2009-2047 | Cisco OpenVuln |
| Cisco Unified Contact Center | CVE-2009-2048 | Cisco OpenVuln |
| Cisco Unified Contact Center Express | CVE-2009-2048 | Cisco OpenVuln |
| Cisco Unified IP Interactive Voice Response | CVE-2009-2048 | Cisco OpenVuln |
| Cisco Unified IP IVR | CVE-2009-2048 | Cisco OpenVuln |