CVE-2016-1307 - Credentials Management vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | LOW |
Integrity impact | LOW |
Availability impact | NONE |
Summary
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20160202-FDUCCE-FINESSE.NASL |
description | According to its self-reported version, the Cisco Finesse appliance is affected by an authentication bypass vulnerability that exists in Extensible Messaging and Presence Protocol (XMPP) due to a default account with a static password. An unauthenticated, remote attacker can exploit this, by using the default account, to bypass authentication and execute arbitrary actions with user privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 130065 |
published | 2019-10-21 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/130065 |
title | Cisco Finesse Appliance Authentication Bypass Vulnerability (cisco-sa-20160202-fducce) |
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce
- http://www.securitytracker.com/id/1034920
- http://www.securitytracker.com/id/1034921