CVE-2020-3402
Description
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.514
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Unified Customer Voice Portal Information Disclosure Vulnerability For Cisco Unified Customer Voice Portal | NCM |
| Missing Authentication for Critical Function Vulnerability (CVE-2020-3402) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705727 | Security Update for Cisco Unified Customer Voice Portal 11.0(1)SR0(24) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234