CVE-2017-12214

CVE-2017-12214

Vendor N/A

Product Cisco Unified Customer Voice Portal

Weakness CWE-264

Published September 21, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.

Key dates

02Disclosure timeline

September 21, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-12214

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE