
Interactive Voice Response

Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability

Summary
=======

Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco
Unified IP Interactive Voice Response (Unified IP-IVR) contain a
directory traversal vulnerability that may allow a remote,
unauthenticated attacker to retrieve arbitrary files from the
filesystem.

Cisco has released free software updates that address this

Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability

This advisory is posted at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm


Cisco Unified Contact Center Express and Cisco Unified IP Interactive
Voice Response are also affected by this vulnerability, and a
separate advisory has been published at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx

Note: Effective October 18, 2011, Cisco moved the current list of
Cisco Security Advisories and Responses published by Cisco PSIRT. The

Cisco Security Advisory: Vulnerabilities in Unified Contact Center Express Administration Pages

=======

Cisco Unified Contact Center Express (Cisco Unified CCX) server contains
both a directory traversal vulnerability and a script injection
vulnerability in the administration pages of the Customer Response
Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco
Unified IP IVR) products. Exploitation of these vulnerabilities could
result in a denial of service condition, information disclosure, or a
privilege escalation attack.

Cisco has released free software updates that address these two

Cisco Security Advisory: Vulnerabilities in Cisco Unified Contact Center Express

The vulnerabilities described in this document affect the following products:

  * Cisco UCCX versions 5.x, 6.x, and 7.x
  * Cisco Customer Response Solution (CRS) versions 5.x, 6.x, and 7.x
  * Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions
    5.x, 6.x, and 7.x

Products Confirmed Not Vulnerable
+--------------------------------


Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability

  * Cisco Conference Connection (CCC)
  * Emergency Responder
  * IPCC Express
  * IPCC Enterprise
  * IPCC Hosted
  * IP Interactive Voice Response (IP IVR)
  * IP Queue Manager
  * Intelligent Contact Management (ICM)
  * Cisco Voice Portal (CVP)
  * Cisco Unified Meeting Place
  * Cisco Personal Assistant (PA)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent

 * Cisco Conference Connection (CCC)
 * Emergency Responder
 * IPCC Express
 * IPCC Enterprise
 * IPCC Hosted
 * IP Interactive Voice Response (IP IVR)
 * IP Queue Manager
 * Intelligent Contact Management (ICM)
 * Cisco Voice Portal (CVP)
 * Cisco Unified Meeting Place
 * Cisco Personal Assistant (PA)

DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315]

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx

Tested Systems / Software
-------------------------
Cisco Unified Contact Center Express (UCCX) versions: 8.5(x), 8.0(x), 7.0(x), 6.0(x)
Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions: 8.5(x), 8.0(x), 7.0(x), 6.0(x)

Vendor Contact
--------------
Vendor Name: Cisco
Vendor Website: http://www.cisco.com/



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
