Vulnerabilities > CVE-2008-2053 - Privilege Escalation vulnerability in Cisco Unified Customer Voice Portal 4.0/4.1/7.0

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
cisco
critical
NVD
Published: 2008-05-22
Updated: 2017-08-08

Summary

Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account.

Vulnerable Configurations

Part Description Count
Application
Cisco
3

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 29315 CVE(CAN) ID: CVE-2008-2053 Cisco Unified Customer Voice Portal(CVP)是Cisco用户交互网络解决方案的一部分,可为用户提供语音和视频自助服务集成。 CVP中有三个不同的用户角色:超级用户,管理员和只读访问。CVP中的安全漏洞允许管理员角色的用户创建、修改或删除更高系统权限的超级用户帐号。 Cisco CVP 7.x Cisco CVP 4.1.x Cisco CVP 4.0.x Cisco ----- Cisco已经为此发布了一个安全公告(cisco-sa-20080521-cvp)以及相应补丁: cisco-sa-20080521-cvp:Cisco Voice Portal Privilege Escalation Vulnerability 链接:<a href=http://www.cisco.com/warp/public/707/cisco-sa-20080521-cvp.shtml target=_blank>http://www.cisco.com/warp/public/707/cisco-sa-20080521-cvp.shtml</a> 补丁下载: <a href=http://www.cisco.com/pcgi-bin/tablebuild.pl/36833091037661f49ad8152368c22bbf target=_blank>http://www.cisco.com/pcgi-bin/tablebuild.pl/36833091037661f49ad8152368c22bbf</a> <a href=http://www.cisco.com/pcgi-bin/tablebuild.pl/946b57654c80187da8c3cfc0aa02866e target=_blank>http://www.cisco.com/pcgi-bin/tablebuild.pl/946b57654c80187da8c3cfc0aa02866e</a>
idSSV:3328
last seen2017-11-19
modified2008-05-24
published2008-05-24
reporterRoot
titleCisco Unified Customer Voice Portal权限提升漏洞

References