First published: Thu Jul 02 2020(Updated: )
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Customer Voice Portal | <=12.5\(1\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3402 is a vulnerability in the Java RMI interface of Cisco Unified Customer Voice Portal (CVP) that could allow an unauthenticated, remote attacker to access sensitive information.
CVE-2020-3402 allows an attacker to access sensitive information on an affected device running Cisco Unified Customer Voice Portal.
CVE-2020-3402 has a severity rating of 7.5 (high).
To mitigate CVE-2020-3402, apply the necessary security updates or patches provided by Cisco.
More information about CVE-2020-3402 can be found in the Cisco Security Advisory at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-info-dislosure-NZBEwj9V