CVE-2023-20232Improper Input Validation in Cisco Unified Contact Center Express

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 70.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Contact Center ExpressCisco Unified Contact Center Express
Timeline
PublishedAug 16
Latest updateAug 17

Description

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit could allow the attacker to cause the internal WebProxy t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/unified_contact_center_express< 12.5\(1\)_su2_es05

Patches

Patch: sec.cloudapps.cisco.comPatch: sec.cloudapps.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-38hg-9xjj-pc2r: A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to2023-08-17
CVEList
CVE-2023-20232: A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to2023-08-16

📋Vendor Advisories

1
Cisco
Cisco Unified Contact Center Express Finesse Portal Web Cache Poisoning Vulnerability2023-08-16
CVE-2023-20232 — Improper Input Validation in Cisco | cvebase