CVE-2017-6626

Description

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agents state changes. Cisco Bug IDs: CSCvc08314.

Risk Information

Base Score

5.3

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

Exploitation Probability

0.28

Associated Vulnerability

Vulnerability	OS Platform
Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability For Cisco Finesse	NCM
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6626)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705887	Security Update for Cisco Finesse 11.5(0.98000.126)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234