Cisco Unified Customer Voice Portal Information Disclosure Vulnerability

By GIXnews

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device.

The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-info-dislosure-NZBEwj9V

Security Impact Rating: Medium

CVE: CVE-2020-3402

Source:: Cisco Security Advisories