CVE-2023-20232

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 16, 2023
Updated: Jan 25, 2024
CWE ID 20

Summary

CVE-2023-20232 is a vulnerability affecting the Tomcat implementation in Cisco Unified Contact Center Express (Unified CCX). This issue allows unauthenticated, remote attackers to conduct web cache poisoning attacks on affected devices. The root cause is insufficient input validation of HTTP requests. An attacker can exploit this vulnerability by crafting malicious HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit may result in users being redirected to a malicious host controlled by the attacker.

Affected Products

  • Cisco Unified Contact Center Express

Affected Vendors

  • Cisco Systems Inc