CVE-2019-16017

Name of the Vulnerable Software and Affected Versions Cisco Unified Customer Voice Portal (affected versions not specified)

Description The issue is related to insufficient input validation on specific pages of the OAMP application, allowing an authenticated, remote attacker to execute Insecure Direct Object Reference actions. This could enable an attacker with administrator or read-only privileges to access information outside their expected scope. An attacker with administrator privileges could also modify configuration details, potentially resulting in a denial of service condition. The vulnerability can be exploited by sending crafted HTTP requests after authenticating to Cisco Unified CVP.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.