CVE-2023-20062 - OpenCVE

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Packaged Contact Center Enterprise Unified Contact Center Enterprise Unified Contact Center Express Unified Intelligence Center

Configuration 1 [-]

OR	cpe:2.3:a:cisco:packaged_contact_center_enterprise:-:::::::*
	cpe:2.3:a:cisco:unified_contact_center_enterprise:-:::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:-:::::::*
	cpe:2.3:a:cisco:unified_intelligence_center::::::::

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-03-03T00:00:00

Updated: 2024-08-02T08:57:35.899Z

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20062

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-03T16:15:10.093

Modified: 2023-11-07T04:05:54.797

Link: CVE-2023-20062

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-20062", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "dateUpdated": "2024-08-02T08:57:35.899Z", "dateReserved": "2022-10-27T00:00:00", "datePublished": "2023-03-03T00:00:00"}, "containers": {"cna": {"title": "Cisco Unified Intelligence Center Vulnerabilities", "datePublic": "2023-03-01T00:00:00", "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2023-03-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities."}], "affected": [{"vendor": "Cisco", "product": "Cisco Unified Intelligence Center ", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "20230301 Cisco Unified Intelligence Center Vulnerabilities", "tags": ["vendor-advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-200", "cweId": "CWE-200"}]}], "source": {"advisory": "cisco-sa-cuic-infodisc-ssrf-84ZBmwVk", "defect": [["CSCwd01184", "CSCwd02972"]], "discovery": "INTERNAL"}, "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.899Z"}, "title": "CVE Program Container", "references": [{"name": "20230301 Cisco Unified Intelligence Center Vulnerabilities", "tags": ["vendor-advisory", "x_transferred"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3CDF903-2720-421E-BEE0-77422403956D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*", "matchCriteriaId": "D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*", "matchCriteriaId": "444F1581-0CD5-40B9-8C9E-0E428E6D75C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5B7ABD3-A909-432D-87D3-9C52496DEFAE", "versionEndExcluding": "12.6\\(2\\)", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities."}], "id": "CVE-2023-20062", "lastModified": "2023-11-07T04:05:54.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-03-03T16:15:10.093", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}