CVSS v2 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
Summary
Unified Contact Center and Intelligent Contact Management products contain a vulnerability that may result in unauthorized access to the web-based reporting and script monitoring tool (Web View) and the web-based configuration tool (Web Admin).
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20071017-IPCC.
Affected Products
Vulnerable Products
The following products are affected by a vulnerability that may result in unauthorized access to the web-based reporting and script monitoring tool (Web View):
- Cisco Unified Intelligent Contact Management Enterprise (Unified ICME)
- Cisco Unified ICM Hosted (Unified ICMH)
- Cisco Unified Contact Center Enterprise (UCCE)
- Cisco Unified Contact Center Hosted (UCCH)
- Cisco System Unified Contact Center Enterprise (SUCCE)
The following product is affected by a vulnerability that may result in unauthorized access to the web-based configuration tool (Web Admin):
- Cisco System Unified Contact Center Enterprise (SUCCE)
To determine the version of software installed on the Administration Workstation (AW), open the Add or Remove Programs window on the Windows Server. An affected system lists an entry named Cisco ICM Maintenance Release ICM 7.1(5) among the installed applications.
Products Confirmed Not Vulnerable
The following products are not affected by the vulnerability described in this document:
- Cisco Unified Contact Center Express
- Cisco IP Contact Center Express
No other Cisco products are known to be affected by this vulnerability.
Only the identified products running software version ICM 7.1(5) are impacted by this vulnerability.
Details
Cisco Unified ICME, Unified ICMH, UCCE, UCCH and SUCCE are a suite of strategic platforms that enable customers to provide intelligent routing and call treatment with blending of multiple communication channels.
A vulnerability exists in software version 7.1(5) of Cisco Unified ICME, Unified ICMH, UCCE, UCCH and SUCCE that may allow any user defined in the Windows Active Directory domain to obtain privilege levels that were never granted to them. Such a user could view Web View report information for any call center instance. Cisco SUCCE is also affected by unauthorized access to the Web Admin tool, which could allow the user to change the application configuration, including editing application rights.
This vulnerability is documented in Cisco Bug ID CSCsj55686 (registered customers only).
Workarounds
Any Windows user defined in Active Directory who is not part of the ICM/IPCC Active Directory hierarchy has full access to the Web View and Web Admin tools, and there is no workaround that removes this exposure. Users defined in the Windows Active Directory domain where the IPCC servers reside and then associated with the ICM/IPCC Active Directory hierarchy for the instance receive the correct permissions. Filters such as transit ACLs (tACLs) can be used to allow access to the Administration Workstation only from trusted hosts. Note that such filters restrict which hosts can reach the tools, not which domain users can log in from those hosts; applying the fixed software remains the only complete remedy.
Filters that deny HTTP packets using TCP port 80 and HTTPS packets using TCP port 443 should be deployed throughout the network as part of a tACL policy for protection of traffic that enters the network at ingress access points. This policy should be configured to protect the network device where the filter is applied and other devices behind it. Filters for HTTP packets using TCP port 80 and HTTPS packets using TCP port 443 should also be deployed in front of vulnerable network devices so that traffic is only allowed from trusted clients.
Additional information about tACLs is available in "Transit Access Control Lists: Filtering at Your Edge": http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml.
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20071017-IPCC.
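As an added illustration of the tACL policy described above, the following Cisco IOS extended ACL permits HTTP and HTTPS to the Administration Workstation only from a trusted administrator subnet and drops everything else destined for those ports. It is example configuration written for this page, not text from the advisory or the Applied Mitigation Bulletin; the ACL name, the interface, and the addresses (documentation ranges) are constructed assumptions that must be replaced with the values of the network being protected.

```cisco
! Constructed example: 198.51.100.10 stands in for the Administration Workstation (AW)
! hosting Web View / Web Admin; 192.0.2.0/24 stands in for the trusted administrator subnet.
! Both are documentation addresses chosen for this example, not values from the advisory.
ip access-list extended tACL-Policy
 ! Permit HTTP and HTTPS to the AW only from the trusted subnet
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 80
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 443
 ! Deny and log all other HTTP/HTTPS traffic toward the AW
 deny tcp any host 198.51.100.10 eq 80 log
 deny tcp any host 198.51.100.10 eq 443 log
 ! Remaining traffic follows the existing edge policy; an explicit permit is shown here,
 ! but a production tACL normally ends with an explicit deny of everything not listed
 permit ip any any
!
! Apply inbound on the ingress interface that fronts the AW (interface name is an assumption)
interface GigabitEthernet0/0
 ip access-group tACL-Policy in
```

After applying the policy, `show ip access-lists tACL-Policy` shows per-entry match counters; hits on the two deny entries identify untrusted clients attempting to reach the tools. The filter limits exposure to the trusted subnet only: a domain user on a permitted host still obtains Web View or Web Admin access until the ICM7.1(5)_ES46 patch is installed.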
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
Software Release    Patch              Maintenance
7.1(5)              ICM7.1(5)_ES46     7.2(3) (Available December 2007)
Contact Center and ICM maintenance software can be downloaded from the following URL:
https://sec.cloudapps.cisco.com/support/downloads/go/MDFTree.x?butype=cc (registered customers only)
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
This vulnerability was discovered during the resolution of customer support cases.
Cisco Security Procedures
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Revision History
Revision 1.1, 2008-April-25: Updated link to CVSS score for CSCsj55686.
Revision 1.0, 2007-Oct-17: Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.