CVE-2017-6722

CWE-287 — Improper Authentication4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 36.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Contact Center Express

Timeline

PublishedJul 4

Latest updateMay 17

Description

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5cisco_unified_contact_center_expressCisco Unified Contact Center Express

▶NVDcisco/unified_contact_center_express11.5.1es01, 11.5.1su1, 11.5\(1\)+2

🔴Vulnerability Details

GHSA

GHSA-r8qw-7chv-8gcx: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthe↗2022-05-17

▶

CVEList

CVE-2017-6722: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthe↗2017-07-04

▶

📋Vendor Advisories

Cisco

Cisco Unified Contact Center Express Clear Text Authentication Vulnerability↗2017-06-21

▶