N/A

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314.

N/A

信息暴露

Cisco Unified Contact Center Enterprise 信息泄露漏洞

Cisco Unified Contact Center Enterprise(UCCE)是美国思科（Cisco）公司的一套基于IP的联系中心组件。该组件在IP基础设施上提供了智能联系路由、呼叫处理、网络到桌面计算机电话集成（CTI）和多通道联系管理功能。 Cisco UCCE 11.5(1)版本和11.6(1)版本中的Cisco Finesse Notification Service存在安全漏洞，该漏洞源于用户账户使用硬编码密码。远程攻击者可利用该漏洞检索信息。

N/A

N/A