CVE-2019-12633 is a vulnerability in Cisco Unified Contact Center Express
Published on September 5, 2019
Cisco Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2019-12633
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-12633 are published in Cisco Unified Contact Center Express:
Affected Versions
Cisco Unified Contact Center Express:- Version unspecified and below 12.0(1)SU0.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.