Vulnerability Description
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Contact Center Enterprise | 11.5\(1\) |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98291Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038396
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/98291Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038396
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-6626?
CVE-2017-6626 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information...
How severe is CVE-2017-6626?
CVE-2017-6626 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6626?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Contact Center Enterprise.