Vigil@nce - Cisco Unified Contact Center Express: information disclosure via CCMConfig
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read a page of Cisco Unified Contact Center
Express, in order to obtain sensitive information.
Impacted products: Cisco Unified CCX
Severity: 2/4
Creation date: 26/02/2014
DESCRIPTION OF THE VULNERABILITY
The Cisco Unified Contact Center Express product offers a web
service.
However, the CCMConfig page contains sensitive information.
An attacker can therefore read a page of Cisco Unified Contact
Center Express, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN