First published: Thu May 09 2013(Updated: )
The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Customer Voice Portal | <=9.0\(1\) | |
Cisco Unified Customer Voice Portal | =3.0-sr1 | |
Cisco Unified Customer Voice Portal | =3.0-sr2 | |
Cisco Unified Customer Voice Portal | =3.6\(10\)-es01 | |
Cisco Unified Customer Voice Portal | =4.0 | |
Cisco Unified Customer Voice Portal | =4.0\(2\) | |
Cisco Unified Customer Voice Portal | =4.0\(2\)-sr1 | |
Cisco Unified Customer Voice Portal | =4.1 | |
Cisco Unified Customer Voice Portal | =7.0 | |
Cisco Unified Customer Voice Portal | =7.0\(2\) | |
Cisco Unified Customer Voice Portal | =8.0\(1\) | |
Cisco Unified Customer Voice Portal | =8.5\(1\) | |
Cisco Unified Customer Voice Portal | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.