
DOE-CIRC TECHNICAL BULLETIN

T-189: Directory Traversal Vulnerability in the Administration Interface in Cisco Customer Response Solutions

[CVE-2009-2047]

July 21, 2009 13:00 GMT

PROBLEM: Vulnerability allows remote authenticated users to read, modify, or delete any file on the server.
PLATFORM: Codeorigin Sysax Multi Server 4.3, Cisco Unified IP Interactive Voice Response 7.x, Cisco Unified IP Interactive Voice Response 6.x, Cisco Unified IP Interactive Voice Response 5.x, Cisco Unified IP Interactive Voice Response 4.x, Cisco Unified IP Interactive Voice Response 3.x, Cisco Unified Contact Center Express (CCX) 7.x, Cisco Unified Contact Center Express (CCX) 6.x, Cisco Unified Contact Center Express (CCX) 5.x, Cisco IP Queue Manager 3.x, Cisco IP Queue Manager, Cisco Customer Response Solution (CRS) 7.x, Cisco Customer Response Solution (CRS) 6.x, Cisco Customer Response Solution (CRS) 5.x, Cisco Customer Response Solution (CRS) 4.x, Cisco Customer Response Solution (CRS) 3.x, Cisco Customer Response Applications 3.x.
ABSTRACT: Cisco Unified Contact Center Express is prone to a directory-traversal vulnerability. An attacker can exploit this issue to view, modify, or delete any file on the server through the CRS Administration interface. Successful exploits may lead to other attacks.

LINKS:
  DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-189.shtml
  OTHER LINKS:
    Security Focus: http://www.securityfocus.com/bid/35706/info
    Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml

  CVE: CVE-2009-2047

IMPACT ASSESSMENT: This risk is high. Although authentication is required, exploitation difficulty is low and the impact is high. Altering files on the server allows complete compromise.

[***** Start CVE-2009-2047 *****]
Discussion:
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
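The vulnerability class described above, as an added defensive example that is not part of this bulletin or of Cisco's code: the advisory does not disclose the affected parameter, so the base directory, the `file` parameter name and the log lines below are assumed or constructed. It shows the containment check an administration interface must apply before reading, writing or deleting a file named by the client, and a matching check over web-server log lines that lets an administrator spot traversal attempts against the interface.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

# Assumed directory the interface is meant to serve files from (not a real CRS path).
BASE_DIR = "/opt/crs/admin/files"


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Return the normalised path for `requested` if it stays inside `base_dir`, else None.
    Percent-encoding is decoded exactly once (the web tier already decoded once more),
    absolute paths and NUL bytes are rejected, and '..' segments are collapsed
    lexically before the containment test. On a live system also resolve symlinks
    (os.path.realpath) so a link inside base_dir cannot point outside it."""
    decoded = unquote(requested)
    if decoded.startswith(("/", "\\")) or "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(base_dir, decoded.replace("\\", "/")))
    base = posixpath.normpath(base_dir)
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


def looks_like_traversal(url_path: str) -> bool:
    """Flag a logged request whose path or query, after decoding, carries a '..' segment.
    Decoding twice catches double-encoded forms such as %252e%252e."""
    decoded = unquote(unquote(url_path)).replace("\\", "/")
    return re.search(r"(?:^|[/?=&])\.\.(?:$|/)", decoded) is not None


# Constructed sample access-log lines (not real CRS logs); the second and third
# carry encoded traversal sequences in the file parameter.
SAMPLE_LOG = [
    '10.0.0.5 - admin [21/Jul/2009:13:00:01] "GET /admin/files?file=report.txt HTTP/1.1" 200',
    '10.0.0.5 - admin [21/Jul/2009:13:00:07] "GET /admin/files?file=..%2F..%2Fconfig%2Fsecret.ini HTTP/1.1" 200',
    '10.0.0.9 - admin [21/Jul/2009:13:01:15] "GET /admin/files?file=%2e%2e/%2e%2e/secret.ini HTTP/1.1" 200',
]


def flag_traversal_requests(lines: List[str]) -> List[str]:
    """Return the log lines whose request target contains a traversal segment."""
    hits = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+) ', line)
        if m and looks_like_traversal(m.group(1)):
            hits.append(line)
    return hits
```

Because the interface here is authenticated, every flagged line also names the account that sent it, which is the starting point for the account review that follows.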

Impact Type:
Provides administrator access; allows complete confidentiality, integrity, and availability violation; allows unauthorized disclosure of information; allows disruption of service.

Solution:
Apply vendor supplied patch:

http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml

[***** End CVE-2009-2047 *****]

DOE-CIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at:
    Voice:          866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov


UCRL-MI-119788