CVE-2017-6626

CWE-200Information Exposure4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 48.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Contact Center Enterprise
Timeline
PublishedMay 3
Latest updateMay 17

Description

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco_finesse_for_cisco_unified_contact_center_enterpriseCisco Finesse for Cisco Unified Contact Center Enterprise
NVDcisco/unified_contact_center_enterprise11.5\(1\), 11.6\(1\)+1

🔴Vulnerability Details

2
GHSA
GHSA-gx27-45px-h274: A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 112022-05-17
CVEList
CVE-2017-6626: A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 112017-05-03

📋Vendor Advisories

1
Cisco
Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability2017-05-03
CVE-2017-6626 (MEDIUM CVSS 5.3) | A vulnerability in the Cisco Finess | cvebase.io