Cisco Unified Intelligence Center Vulnerabilities (cisco-sa-cuic-infodisc-ssrf-84ZBmwVk)
Description

The version of Cisco Unified Intelligence Center installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cisco-sa-cuic-infodisc-ssrf-84ZBmwVk advisory:

– A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain sensitive data, including hashed credentials for services associated with the affected device. (CVE-2023-20061)

– A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system. (CVE-2023-20062)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
