CVE-2017-12214 | Vulnerability Database | Aqua Security

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.

Affected Software

Name	Vendor	Start Version	End Version
Unified_customer_voice_portal	Cisco	10.5 (including)	10.5 (including)
Unified_customer_voice_portal	Cisco	11.0 (including)	11.0 (including)
Unified_customer_voice_portal	Cisco	11.5 (including)	11.5 (including)

References

http://www.securityfocus.com/bid/100931
http://www.securitytracker.com/id/1039411
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp
http://www.securityfocus.com/bid/100931
http://www.securitytracker.com/id/1039411
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-12214
CWE	https://cwe.mitre.org/data/definitions/264.html