CVE-2017-6722

Name of the Vulnerable Software and Affected Versions Cisco Unified Contact Center Express (UCCx) versions 10.6(1) through 11.5(1.10000.60)

Description A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This issue is related to clear text authentication.

Recommendations For versions 10.6(1) through 11.5(1.10000.60), update to version 11.5(1.10000.61) to resolve the issue. As a temporary workaround, consider restricting access to the XMPP service until the update is applied.