CVE-2020-3402

CWE-306Missing Authentication4 documents4 sources
Severity
7.5HIGH
EPSS
0.5%
top 33.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Customer Voice PortalCisco Cisco Unified IP Interactive Voice Response (ivr)
Timeline
PublishedJul 2
Latest updateMay 24

Description

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected dev

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-vg7g-wfjp-7wgp: A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remo2022-05-24
CVEList
Cisco Unified Customer Voice Portal Information Disclosure Vulnerability2020-07-02

📋Vendor Advisories

1
Cisco
Cisco Unified Customer Voice Portal Information Disclosure Vulnerability2020-07-01
CVE-2020-3402 (HIGH CVSS 7.5) | A vulnerability in the Java Remote | cvebase.io