
CVE-2023-20232

CVE-2023-20232 PUBLISHED CVSS 5.3 MEDIUM

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit could allow the attacker to cause the internal WebProxy to redirect users to an attacker-controlled host.

EPSS 0.14% · 33.9th percentile

Risk Scores

CVSS 3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.14% (33.9th percentile)

Affected Products

Vendor | Product | Versions
cisco | unified_contact_center_express | 0
Cisco | Cisco Unified Contact Center Express | 8.5(1), 9.0(2)SU3ES04, 10.0(1)SU1ES04

Exploit Intelligence

Timeline

  • Aug 16, 2023 CVE Published
  • Aug 18, 2023 EPSS Score
  • Sep 20, 2023 EPSS Score
  • Oct 24, 2023 EPSS Score
  • Nov 26, 2023 EPSS Score
  • Dec 29, 2023 EPSS Score
  • Feb 1, 2024 EPSS Score
  • Mar 5, 2024 EPSS Score
  • Apr 7, 2024 EPSS Score
  • May 10, 2024 EPSS Score
  • Jun 13, 2024 EPSS Score
  • Jul 16, 2024 EPSS Score