CVE-2017-6626

Name of the Vulnerable Software and Affected Versions Cisco Unified Contact Center Enterprise (UCCE) versions 11.5(1) through 11.6(1)

Description A vulnerability exists due to an undocumented, hard-coded password for a user account. This allows an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop by subscribing to the Finesse Notification Service. The attacker can receive notifications when an agent signs in or out, when information about an agent changes, or when an agent's state changes.

Recommendations For versions 11.5(1) and 11.6(1), update the system to remove the hard-coded password and ensure that all user accounts have secure, unique passwords. As a temporary workaround, consider restricting access to the Finesse Notification Service to minimize the risk of exploitation.