CVE-2016-1307

Published: 07/02/2016 Updated: 06/12/2016
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote malicious users to obtain access via an XMPP session, aka Bug ID CSCuw79085.

Vulnerable Product

cisco finesse 10.5(1)_base

cisco finesse 11.0(1)_base

cisco unified contact center express 10.6(1)

Vendor Advisories

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) in the Cisco Finesse Desktop and Cisco Unified Contact Center Express applications could allow an unauthenticated, remote attacker to log in to the device with a default account with a static password. This account provides nonadministrative access to the Openfire server bundl ...