CVE-2017-12214

Name of the Vulnerable Software and Affected Versions Cisco Unified Customer Voice Portal (CVP) versions 10.5 through 11.5

Description A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality could allow an authenticated, remote attacker to gain elevated privileges due to a lack of proper input validation. The attacker must successfully authenticate to the system to exploit this issue. An attacker could exploit this by sending a crafted HTTP request to the OAMP after authentication. A successful exploit could allow the attacker to gain administrator privileges.

Recommendations For versions 10.5 through 11.5, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the OAMP credential reset functionality to minimize the risk of exploitation.