Cisco Unified Customer Voice Portal vulnerabilities

15 known vulnerabilities affecting cisco/unified_customer_voice_portal.

Total CVEs: 15
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 9, MEDIUM 3

Vulnerabilities

CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | fixed in 11.6 | v11.6 | +6 more | 2021-12-10
CVE-2021-44228 [CRITICAL] CWE-20: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd
CVE-2021-1599 | MEDIUM | CVSS 5.4 | ≤ 12.5(1) | 2021-07-22
CVE-2021-1599 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could ex
nvd
CVE-2019-16017 | MEDIUM | CVSS 6.8 | fixed in 11.6(1)_es-11 | fixed in 12.0(1)_es-7 | 2020-09-23
CVE-2019-16017 [MEDIUM] CWE-264: A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The vulnerability is due to insufficient input validati
nvd
CVE-2020-3402 | HIGH | CVSS 7.5 | ≤ 12.5(1) | 2020-07-02
CVE-2020-3402 [HIGH] CWE-306: A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sen
nvd
CVE-2018-0139 | HIGH | CVSS 8.6 | v11.5(1) | v11.6 | 2018-02-22
CVE-2018-0139 [HIGH] CWE-20: A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request
nvd
CVE-2018-0086 | HIGH | CVSS 8.6 | ≤ 11.5 | 2018-01-18
CVE-2018-0086 [HIGH] CWE-400: A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB).
nvd
CVE-2017-12214 | HIGH | CVSS 8.8 | v10.5 | v11.0 | +1 more | 2017-09-21
CVE-2017-12214 [HIGH] CWE-264: A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by au
nvd
CVE-2015-0735 | MEDIUM | CVSS 6.8 | v10.5(1) | 2015-05-17
CVE-2015-0735 [MEDIUM] CWE-352: Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970.
nvd
CVE-2013-1221 | CRITICAL | CVSS 10.0 | ≤ 9.0(1) | v3.0 | +9 more | 2013-05-09
CVE-2013-1221 [CRITICAL] CWE-16: The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.
nvd
CVE-2013-1220 | HIGH | CVSS 7.8 | ≤ 9.0(1) | v3.0 | +9 more | 2013-05-09
CVE-2013-1220 [HIGH]: The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148.
nvd
CVE-2013-1225 | HIGH | CVSS 7.8 | ≤ 9.0(1) | v3.0 | +9 more | 2013-05-09
CVE-2013-1225 [HIGH] CWE-264: Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366.
nvd
CVE-2013-1223 | HIGH | CVSS 7.8 | ≤ 9.0(1) | v3.0 | +9 more | 2013-05-09
CVE-2013-1223 [HIGH] CWE-20: The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372.
nvd
CVE-2013-1224 | HIGH | CVSS 7.8 | ≤ 9.0(1) | v3.0 | +9 more | 2013-05-09
CVE-2013-1224 [HIGH] CWE-22: Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
nvd
CVE-2013-1222 | HIGH | CVSS 7.8 | ≤ 9.0(1) | v3.0 | +9 more | 2013-05-09
CVE-2013-1222 [HIGH] CWE-16: The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.
nvd
CVE-2008-2053 | CRITICAL | CVSS 9.0 | v4.0 | v4.1 | +1 more | 2008-05-22
CVE-2008-2053 [CRITICAL]: Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account.
nvd