Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0650
Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
9 May 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Unified Customer Voice Portal
Publisher: Cisco Systems
Operating System: Windows Server 2008 R2
Cisco
Impact/Access: Administrator Compromise -- Remote/Unauthenticated
Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2013-1225 CVE-2013-1224 CVE-2013-1223
CVE-2013-1222 CVE-2013-1221 CVE-2013-1220
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
Advisory ID: cisco-sa-20130508-cvp
Revision 1.0
For Public Release 2013 May 8 16:00 UTC (GMT)
+------------------------------------------------------------------------------
Summary
=======
Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple
vulnerabilities. Various components of Cisco Unified CVP are affected; see the
"Details" section for more information on the vulnerabilities. These
vulnerabilities can be exploited independently; however, more than one
vulnerability could be exploited on the same device.
Cisco has released free software updates that address these vulnerabilities.
Workarounds that mitigate some of these vulnerabilities are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlGIWaUACgkQUddfH3/BbTpQMQD9HWwMuwQ7YSyrqYDSDkcnesWh
XsvSL0PXA8lMaS+bSKMBAI/ChGvff6/MJuP6KqAAfHUkVQe8qyxsJGyk0lluGNtQ
=HN7d
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUYrmGu4yVqjM2NGpAQKgaw//ZNTqVZEWNlrqy3ZE98D6E4xG93bqmiTJ
7MlnzrDdbwUOt3/Oys2mUyQOjxQ4JVpjv+gpQRtCbRVH9/1g507ClMxYEMM+uuGW
SSQvwWC4Pt+LAzdJIL0LAM1h/S/dSUOlABb36CjQd4lRWt+yGKDFBCQjjZl55xHk
OOMjCqdOrZZcIa5MCOxWgcknpD1JPnE0PbWx05J8Ru39KKn9dvQlOGC/FMG9C+zU
/RXxYZxaQaZn84Dm43FqCfgY6cAv0hG85aD2OTDkgMtcmHBewmrlXvZbiNG95bhG
WDzvxr3i7Y+eMpFkXjr4ZpxP2bG8BUNp5xsmNEMUIT6dYcTTtJCq5lYLaxYAm85J
L0bSikV8DxyGHe29QvhugKZo77zQz26qnhK4so1idH3WHSe964hcCK9Q1t5H9+v4
MC3L8kzI2vToECGlhJX2iRE3+0I7JqrGtK8760NY7RL7Nv3z8VWx9ir3FvvPNPIO
pSEvFWpOH3Qxp8ClfdshHiHoJ/1FJtHftJfQX2ToaZO7xPHiPUJz3oMf8LDKQywm
D0o3kiRqC5+FanbamRCogDCn9OKueLLzgpdIRfB8AVhK1CcCKUNRSdOuelmKa+oP
HhY3PUe7loSzlabuK1sk1/wpJSwjx20YRKVN3U/nQdl8NFrAWRSCFMtV0nhUhXpj
URFokd+xA0Q=
=ROl+
-----END PGP SIGNATURE-----