Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability

Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem.


Cisco Unified Contact Center Express Directory Traversal Vulnerability
.







Advisory ID: cisco-sa-20111026-uccx

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx

Revision 1.0

For Public Release 2011 October 26 16:00  UTC (GMT)

--------------------------------------------------------------------------------



















--------------------------------------------------------------------------------

Summary


Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem.

Cisco has released free software updates that address this vulnerability.  

There are no workarounds that mitigate this vulnerability.
This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx .

Cisco Unified Communications Manager is also affected by this vulnerability and a separate advisory has been published at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm .

Note: Effective October 18, 2011, Cisco moved the current list of Cisco Security Advisories and Responses published by Cisco PSIRT. The new location is http://tools.cisco.com/security/center/publicationListing . You can also navigate to this page from the Cisco Products and Services menu of the Cisco Security Intelligence Operations (SIO) Portal. Following this transition, new Cisco Security Advisories and Responses will be published to the new location. Although the URL has changed, the content of security documents and the vulnerability policy are not impacted. Cisco will continue to disclose security vulnerabilities in accordance with the published Security Vulnerability Policy.



[Expand all sections]     [Collapse all sections]



Affected Products





Vulnerable Products



The following Cisco UCCX versions are vulnerable:
Cisco UCCX version 6.0(x)
Cisco UCCX version 7.0(x)
Cisco UCCX version 8.0(x)
Cisco UCCX version 8.5(x)

Note: Cisco UCCX versions prior to 6.0(x) reached end of software maintenance. Customers running versions prior to 6.0(x) should contact their Cisco support team for assistance in upgrading to a supported version of Cisco UCCX.



The following Cisco Unified IP Interactive Voice Response versions are vulnerable:
Cisco Unified IP Interactive Voice Response version 6.0(x)
Cisco Unified IP Interactive Voice Response version 7.0(x)
Cisco Unified IP Interactive Voice Response version 8.0(x)
Cisco Unified IP Interactive Voice Response version 8.5(x)
Note: Cisco Unified IP Interactive Voice Response versions prior to 6.0(x) reached end of software maintenance. Customers running versions prior to 6.0(x) should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified IP Interactive Voice Response.






Products Confirmed Not Vulnerable




Top of the section     Close Section


Details


The Cisco Unified Contact Center Express is a single/two node server, integrated "contact center in a box" for use in deployments with up to 300 agents until software version 8.0(x) and 400 agents starting at version 8.5(x).

The Cisco Unified Interactive Voice Response is a UCCX product package that provides IP call queuing and IP intelligent voice response functionality for contact centers.

Cisco Unified Communications Manager and Cisco Unified Contact Center Express Directory Traversal Vulnerability
Cisco Unified Communications Manager, Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response contain a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem.


The vulnerability is due to improper input validation, and could allow the attacker to traverse the filesystem directory. An attacker could exploit this vulnerability by sending a specially crafted URL to the affected system.

The vulnerability in Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response could be exploited over TCP port 8080 in 6.0(x) and 7.0(x) versions and TCP port 9080 starting in 8.0(x) version of the product.

Note: In Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response versions 6.0(x) and 7.0(x), port 8080 could be reconfigured on the server.

This advisory addresses the vulnerability in Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response, which is documented in Cisco bug ID CSCts44049, (registered customers only) and has been assigned CVE ID CVE-2011-3315.
Top of the section     Close Section



Vulnerability Scoring Details


Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html .

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at
   http://intellishield.cisco.com/security/alertmanager/cvss .








CSCts44049, UCCX vulnerable to directory traversal

Calculate the environmental score of CSCts44049,




CVSS Base Score - 7.8




Access Vector


Access Complexity


Authentication


Confidentiality Impact


Integrity Impact


Availability Impact




Network


Low


None


Complete


None


None




CVSS Temporal Score - 6.4




Exploitability


Remediation Level


Report Confidence




Functional


Official-Fix


Confirmed


Top of the section     Close Section



Impact


Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to retrieve arbitrary files from the Cisco Unified Contact Center Express or Cisco Unified IP Interactive Voice Response filesystem.
Top of the section     Close Section



Software Versions and Fixes



















































Workarounds







Obtaining Fixed Software











































Exploitation and Public Announcements











Status of this Notice: Final










Distribution






























Revision History






















Cisco Security Procedures

Telegram "SecurityLab" Telegram, .