VAR-201602-0048
Vulnerability from variot - Updated: 2023-12-18 14:05The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. Vendors have confirmed this vulnerability Bug ID CSCuw79085 It is released as.By a third party XMPP Access may be gained through a session. Attackers can exploit this issue to gain unauthorized access to the affected application. This may allow an attacker to obtain and modify sensitive information. This issue is being tracked by Cisco bug IDs CSCuw79085 and CSCuw86638. Cisco Finesse Desktop is a suite of next-generation agent and desktop management software for customer collaboration solutions; Unified CCX is a customer relationship management component of a unified communications solution. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(1)"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.6(1)"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(1\\\\\\)_base"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0\\\\\\(1\\\\\\)_base"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.6\\\\\\(1\\\\\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\\\\\(1\\\\\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:11.0\\\\\\(1\\\\\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\\\(1\\\\\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "82400"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-1307",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-90126",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1307",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-143",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90126",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. Vendors have confirmed this vulnerability Bug ID CSCuw79085 It is released as.By a third party XMPP Access may be gained through a session. \nAttackers can exploit this issue to gain unauthorized access to the affected application. This may allow an attacker to obtain and modify sensitive information. \nThis issue is being tracked by Cisco bug IDs CSCuw79085 and CSCuw86638. Cisco Finesse Desktop is a suite of next-generation agent and desktop management software for customer collaboration solutions; Unified CCX is a customer relationship management component of a unified communications solution. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1307"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "BID",
"id": "82400"
},
{
"db": "VULHUB",
"id": "VHN-90126"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1307",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1034921",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034920",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143",
"trust": 0.7
},
{
"db": "BID",
"id": "82400",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90126",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "BID",
"id": "82400"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
]
},
"id": "VAR-201602-0048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:05:58.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160202-fducce",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160202-fducce"
},
{
"title": "Cisco Finesse Desktop and Unified Contact Center Express Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60091"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160202-fducce"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034920"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034921"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1307"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1307"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "BID",
"id": "82400"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "BID",
"id": "82400"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-07T00:00:00",
"db": "VULHUB",
"id": "VHN-90126"
},
{
"date": "2016-02-02T00:00:00",
"db": "BID",
"id": "82400"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"date": "2016-02-07T11:59:03.880000",
"db": "NVD",
"id": "CVE-2016-1307"
},
{
"date": "2016-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90126"
},
{
"date": "2016-07-05T21:21:00",
"db": "BID",
"id": "82400"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"date": "2016-12-06T03:06:39.747000",
"db": "NVD",
"id": "CVE-2016-1307"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Finesse Desktop and Unified Contact Center Express of Openfire Vulnerability to gain access rights on the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…