CVE-2013-1223
Cisco Unified Customer Voice Portal <9.0.1 ES 11 - Info Disclosure
Title source: llmDescription
The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
Scores
EPSS
0.0148
EPSS Percentile
70.9%
Details
CWE
CWE-20
Status
published
Products (11)
cisco/unified_customer_voice_portal
3.0 sr1 (2 CPE variants)
cisco/unified_customer_voice_portal
3.6\(10\) es01
cisco/unified_customer_voice_portal
4.0
cisco/unified_customer_voice_portal
4.0\(2\) (2 CPE variants)
cisco/unified_customer_voice_portal
4.1
cisco/unified_customer_voice_portal
7.0
cisco/unified_customer_voice_portal
7.0\(2\)
cisco/unified_customer_voice_portal
8.0\(1\)
cisco/unified_customer_voice_portal
8.5\(1\)
cisco/unified_customer_voice_portal
9.0
... and 1 more
Published
May 09, 2013
Tracked Since
Feb 18, 2026