April 19, 2014

Cisco Issues Security Advisories For Cisco Unified Contact Center, Cisco WebEx Player, Cisco Security Agent, and Cisco Unified Communications Manager

(LiveHacking.Com) - Cisco has released security advisories to address vulnerabilities affecting Cisco Unified Contact Center, Cisco WebEx Player, Cisco Security Agent, and Cisco Unified Communications Manager.

  • Cisco Unified Contact Center Express Directory Traversal Vulnerability – Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem. Cisco has released free software updates that address this vulnerability.
  • Buffer Overflow Vulnerabilities in the Cisco WebEx Player – Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has released free software updates that address these vulnerabilities.
  • Cisco Security Agent Remote Code Execution Vulnerabilities – Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device. These vulnerabilities are in a third-party library (Oracle Outside In). Cisco has released free software updates that address these vulnerabilities.
  • Cisco Unified Communications Manager Directory Traversal Vulnerability – Cisco Unified Communications Manager contains a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem. Cisco has released free software updates that address this vulnerability.