Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20232

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit could allow the attacker to cause the internal WebProxy to redirect users to an attacker-controlled host.

Published

2023-08-16T22:15:12.597

Last Modified

2024-11-21T07:40:57.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	unified_contact_center_express	< 12.5\(1\)_su2_es05	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-wcp-JJeqDT3S Patch, Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-wcp-JJeqDT3S Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)