Unified Customer Voice Portal Cisco Unified Customer Voice Portal

Do you want an email whenever new security vulnerabilities are reported in Cisco Unified Customer Voice Portal?

Recent Cisco Unified Customer Voice Portal Security Advisories

Advisory Title Published
2021-07-21 Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability July 21, 2021

By the Year

In 2024 there have been 0 vulnerabilities in Cisco Unified Customer Voice Portal . Unified Customer Voice Portal did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 2 7.70
2020 1 7.50
2019 0 0.00
2018 2 8.60

It may take a day or so for new Unified Customer Voice Portal vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cisco Unified Customer Voice Portal Security Vulnerabilities

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2

CVE-2021-44228 10 - Critical - December 10, 2021

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Improper Input Validation

A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could

CVE-2021-1599 5.4 - Medium - July 22, 2021

A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface, access sensitive, browser-based information, or cause an affected device to reboot under certain conditions.

XSS

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could

CVE-2020-3402 7.5 - High - July 02, 2020

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.

Missing Authentication for Critical Function

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could

CVE-2018-0139 8.6 - High - February 22, 2018

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability by initiating a crafted connection to the IP address of the targeted CVP device. An exploit could allow the attacker to disconnect the IVR to CVP connection, creating a DoS condition that prevents the CVP from accepting new, incoming calls while the IVR automatically attempts to re-establish the connection to the CVP. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) Software Release 11.5(1). Cisco Bug IDs: CSCve70560.

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could

CVE-2018-0086 8.6 - High - January 18, 2018

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.

Resource Exhaustion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Cisco Unified Customer Voice Portal or by Cisco? Click the Watch button to subscribe.

Cisco
Vendor

subscribe