|
|
|
|
| |
Credit:
The information has been provided by National Australia Bank's Security Assurance Team.
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml
|
| |
Vulnerable Systems:
* Cisco Customer Response Solution (CRS) versions 3.x, 4.x, 5.x, 6.x, and 7.x
* Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions 3.x, 4.x, 5.x, 6.x, and 7.x
* Cisco Unified CCX 4.x, 5.x, 6.x, and 7.x
* Cisco Unified IP Contact Center Express versions 3.x, 5.x, 6.x, and 7.x
* Cisco Customer Response Applications versions 3.x
* Cisco IP Queue Manager (IP QM) versions 3.x
Cisco Unified Contact Center Express (Cisco Unified CCX) servers may be affected by both a directory traversal vulnerability and a script injection vulnerability.
The directory traversal vulnerability may allow authenticated users to view, modify, or delete any file on the server through the Customer Response Solutions (CRS) Administration interface. This vulnerability is documented in Cisco Bug ID CSCsw76644 and has been assigned Common Vulnerability and Exposures (CVE) ID CVE-2009-2047.
The script injection vulnerability may allow authenticated users to enter JavaScript into the Cisco Unified CCX database. The stored script could be executed in the browser of the next authenticated user. This vulnerability is documented in Cisco Bug ID CSCsw76649 and has been assigned CVE ID CVE-2009-2048.
Successful exploitation of the directory traversal vulnerability may result in read and write access to files on the underlying operating system. Successful exploitation of the script injection vulnerability may result in the execution of JavaScript of authenticated users and prevent server pages from displaying properly.
Patch Availability:
The fixes for these vulnerabilities are included in CRS version 7.0(1)SR2 and are available as a hotfix for customers running versions 5.x and 6.x. The hotfixes are crs5.0.2sr2es09 and crs6.0.1sr1es05.
The latest version of Cisco Unified Contact Center Express is available at the following link: http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=7.0%281%29_SR2&mdfid=270569179&sftType=Cisco+Customer+Response+Solution+Software+Releases&optPlat=&nodecount=11&edesignator=null&modelName=Cisco+Unified+Contact+Center+Express&treeMdfId=2788752.
Information about how to obtain the hotfixes can be found in the release notes enclosures of the bugs at: CSCsw76644 and CSCsw76649.
Workaround
There are no workarounds for these vulnerabilities. The script injection attacks that are described in this advisory are a specific classification of stored cross-site scripting attacks. A description and mitigation technique can be found in the applied mitigation bulletin available at the following link:
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a008073f7b3.html
These vulnerabilities can be detected and mitigated with IDS signatures 3216-0 and 19001-0.
CVE Information:
CVE-2009-2047
CVE-2009-2048
|
|
|
|
|
