March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Cisco IP Phone 6800, 7800, and 8800 Series Vulnerabilities
March 2, 2023
Rewterz Threat Advisory – Dell PowerScale nodes and OneFS Vulnerabilities
March 2, 2023
Rewterz Threat Advisory – Cisco IP Phone 6800, 7800, and 8800 Series Vulnerabilities
March 2, 2023
Rewterz Threat Advisory – Dell PowerScale nodes and OneFS Vulnerabilities
March 2, 2023
Severity
Medium
Analysis Summary
CVE-2023-20062 CVSS:5
Cisco Unified Intelligence Center is vulnerable to server-side request forgery, caused by improper input validation for specific HTTP requests. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to conduct SSRF attack to send arbitrary network requests.
CVE-2023-20061 CVSS:6.5
Cisco Unified Intelligence Center could allow a remote authetnicated attacker to obtain sensitive information, caused by excessive verbosity in a specific REST API output. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-20062
- CVE-2023-20061
Affected Vendors
Cisco
Affected Products
- Cisco Unified Contact Center Enterprise
- Cisco Unified Contact Center Express.
- Cisco Unified Intelligence Center (CUIC)
- Cisco Packaged Contact Center Enterprise
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.