CVE-2019-12633
published 2019-09-05CVE-2019-12633: A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_unified_contact_center_express | >= unspecified < 12.0(1)SU0.1 | 12.0(1)SU0.1 |
| cisco | unified_contact_center_express | < 11.6\(2\)es04 | 11.6\(2\)es04 |
| cisco | unified_contact_center_express | — | — |
| cisco | unified_contact_center_express_request_processing_server-side_request_forgery | — | — |