---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Cisco Products Unspecified Unauthorized Access Vulnerability SECUNIA ADVISORY ID: SA27214 VERIFY ADVISORY: http://secunia.com/advisories/27214/ CRITICAL: Less critical IMPACT: Security Bypass, Manipulation of data, Exposure of sensitive information WHERE: >From local network REVISION: 1.1 originally posted 2007-10-18 SOFTWARE: Cisco Unified Contact Center Enterprise (formerly IPCC) 7.x http://secunia.com/product/13202/ Cisco Unified Contact Center Hosted (formerly IPCC) 7.x http://secunia.com/product/13207/ Cisco Unified Intelligent Contact Management Enterprise (ICME) 7.x http://secunia.com/product/16166/ Cisco Unified Intelligent Contact Management Hosted (ICMH) 7.x http://secunia.com/product/16167/ Cisco System Unified Contact Center Enterprise (SUCCE) 7.x http://secunia.com/product/16168/ DESCRIPTION: A vulnerability has been reported in Cisco products, which can be exploited by malicious users to bypass certain security restrictions, disclose certain sensitive information, and manipulate certain data. The vulnerability is caused due to an unspecified error and can be exploited by Windows Active Directory users to e.g. view Web View report information for any call center instance or gain access to the Web Admin tool. The vulnerability is reported in the following products: * Cisco Unified Intelligent Contact Management Enterprise (Unified ICME) * Cisco Unified ICM Hosted (Unified ICMH) * Cisco Unified Contact Center Enterprise (UCCE) * Cisco Unified Contact Center Hosted (UCCH) * Cisco System Unified Contact Center Enterprise (SUCCE) SOLUTION: Apply updates (see vendor's advisory for details). http://tools.cisco.com/support/downloads/go/MDFTree.x?butype=cc PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. CHANGELOG: 2007-10-18: Added CVE reference. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------