Condorlab

Cisco – Cross Site Scripting in Cisco Costumer Voice Portal


Advisory ID

RSN-UC-0003


Vulnerability Information

Due to insufficient input validation of a parameter in multiple pages used by the web interface of Cisco Unified Voice Portal versions 9.0 (1) and 10.0 (1), an unauthenticated user could cause a Cross Site Scripting attack against the user of a web interface.  For more information on the affected versions, CVE-2014-3325 was assigned for this bug.


Release Date

29/07/2014

 

SIP (Session Initiation Protocol) is a protocol used for the initiation, modification and termination of voice and video calls through IP networks. This protocol is implemented in multiple Cisco systems products such as routers, switches and Firewalls.


Solutions

 

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

 

 

Common Vulnerabilities and Exposures (CVE)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140729-CVE-2014-3325

Cisco Security Advisory

https://tools.cisco.com/security/center/viewAlert.x?alertId=34957