CVE-2017-12214

Severity
8.8 HIGH
EPSS
0.9%
top 24.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 21
Latest update: May 13

Description

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The at

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | cisco_unified_customer_voice_portal | Cisco Unified Customer Voice Portal
NVD | cisco/unified_customer_voice_portal | 10.5, 11.0, 11.5 +2

🔴Vulnerability Details

2
GHSA
GHSA-mgq9-pr3p-2gmg: A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voic | 2022-05-13
CVEList
CVE-2017-12214: A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voic | 2017-09-21

📋Vendor Advisories

1
Cisco
Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability | 2017-09-20