Packaged Contact Center Enterprise
CVE-2023-20062
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.
AnalysisAI
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. Affected products include: Cisco Packaged Contact Center Enterprise, Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express, Cisco Unified Intelligence Center.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthe
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect s
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticate
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticate
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthe
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today