First published: Sun Feb 07 2016
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel GS1900-10HP firmware | <2.50(aazi.0)c0 | |
zzinc KeyMouse | =3.08 | |
CVE-2016-1307 is considered a high-severity vulnerability due to the presence of a hardcoded account allowing unauthorized access to the Openfire server.
To mitigate CVE-2016-1307, it is recommended to upgrade to a newer version of Cisco Finesse or Unified Contact Center Express that does not include the hardcoded account.
CVE-2016-1307 affects users of Cisco Finesse Desktop versions 10.5(1) and 11.0(1), as well as Unified Contact Center Express version 10.6(1).
An attacker can exploit CVE-2016-1307 to gain remote unauthorized access through an XMPP session due to the hardcoded account.
Yes, CVE-2016-1307 can potentially be exploited remotely over the internet if the affected systems are exposed.