CVE-2017-12214

HIGH

Cisco Unified Customer Voice Portal 10.5, 11.0, 11.5 - Authenticated Privilege Escalation via OAMP Credential Reset

Title source: llm
STIX 2.1

Description

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039411
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100931

Scores

CVSS v3 8.8
EPSS 0.0218
EPSS Percentile 80.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20 CWE-264
Status published
Products (4)
cisco/unified_customer_voice_portal 10.5
cisco/unified_customer_voice_portal 11.0
cisco/unified_customer_voice_portal 11.5
n/a/Cisco Unified Customer Voice Portal Cisco Unified Customer Voice Portal
Published Sep 21, 2017
Tracked Since Feb 18, 2026