Published: 09/05/2013 Updated: 09/05/2013

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software prior to 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote malicious users to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco unified customer voice portal 4.0\\(2\\)
cisco unified customer voice portal 3.0
cisco unified customer voice portal 8.0\\(1\\)
cisco unified customer voice portal 3.6\\(10\\)
cisco unified customer voice portal 8.5\\(1\\)
cisco unified customer voice portal 4.0
cisco unified customer voice portal 4.1
cisco unified customer voice portal 7.0
cisco unified customer voice portal 9.0
cisco unified customer voice portal 7.0\\(2\\)
cisco unified customer voice portal

Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple vulnerabilities Various components of Cisco Unified CVP are affected; see the "Details" section for more information on the vulnerabilities These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device ...

CWE-16 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-1221

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect