5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
46.2%
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) in the Cisco Finesse Desktop and Cisco Unified Contact Center Express applications could allow an unauthenticated, remote attacker to log in to the device with a default account with a static password. This account provides nonadministrative access to the Openfire server bundled with the application.
The vulnerability occurs because a default user account is created at installation and the account password cannot be changed. An attacker could exploit this vulnerability by logging in using XMPP to access the Openfire server using the default account. The attacker could log in using the default account and gain unauthorized access to the Openfire server, which allows sensitive data to be viewed and modified.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce”]
CPE | Name | Operator | Version |
---|---|---|---|
cisco unified contact center express | eq | any | |
cisco finesse | eq | any | |
cisco unified contact center express | eq | any | |
cisco finesse | eq | any |
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
46.2%