cisco-sa-20180718-uccx: Multiple Vulnerabilities in Cisco Unified Contact Center Express
First published: Wed Jul 18 2018(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface, conduct a cross-site request forgery (CSRF) attack, or retrieve a cleartext password. For more information about these vulnerabilities, see the Details section of this advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx
Credit: Filip Waeytens NCI Agency Cyber Security for reporting these vulnerabilities
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Contact Center Express Enhanced |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Child vulnerabilities
(Contains the following vulnerabilities)
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- collector/cisco-advisory
- source/Cisco
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified contact center express enhanced