CVE-2017-6722 - OpenCVE

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unified Contact Center Express

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.5.1es01:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:11.5.1su1:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/99201
http://www.securitytracker.com/id/1038749
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-07-04T00:00:00

Updated: 2024-08-05T15:41:17.163Z

Reserved: 2017-03-09T00:00:00

Link: CVE-2017-6722

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-07-04T00:29:00.697

Modified: 2017-07-07T14:58:36.460

Link: CVE-2017-6722

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Unified Contact Center Express", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Unified Contact Center Express"}]}], "datePublic": "2017-07-03T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61)."}], "problemTypes": [{"descriptions": [{"description": "Clear Text Authentication Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-06T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "99201", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99201"}, {"name": "1038749", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038749"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6722", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Unified Contact Center Express", "version": {"version_data": [{"version_value": "Cisco Unified Contact Center Express"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Clear Text Authentication Vulnerability"}]}]}, "references": {"reference_data": [{"name": "99201", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99201"}, {"name": "1038749", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038749"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:41:17.163Z"}, "title": "CVE Program Container", "references": [{"name": "99201", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99201"}, {"name": "1038749", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038749"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6722", "datePublished": "2017-07-04T00:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:41:17.163Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "68236DFF-B60E-4209-B9B4-AC75D393A243", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5.1es01:*:*:*:*:*:*:*", "matchCriteriaId": "F2CEEC1B-272D-4C36-86C4-93B0D67C5038", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5.1su1:*:*:*:*:*:*:*", "matchCriteriaId": "F24BD150-99E4-4EE2-81E0-D9589F6D825E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61)."}, {"lang": "es", "value": "Una vulnerabilidad en el servicio Extensible Messaging and Presence Protocol (XMPP) de Unified Contact Center Express (UCCx) de Cisco, podr\u00eda permitir a un atacante remoto no identificado hacerse pasar por un usuario leg\u00edtimo, tambi\u00e9n se conoce como una Vulnerabilidad de Autenticaci\u00f3n de Texto Sin Cifrar. M\u00e1s informaci\u00f3n: CSCuw86638. Versiones Afectadas Conocidas: 10.6(1). Versiones Fijas Conocidas: 11.5(1.10000.61)."}], "id": "CVE-2017-6722", "lastModified": "2017-07-07T14:58:36.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-04T00:29:00.697", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99201"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038749"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}