Security News > 2020 > May > Cisco Patches Critical Vulnerability in Contact Center Software
Cisco this week released security patches to address several vulnerabilities in its products, including a critical severity bug in its Unified Contact Center Express software.
The issue, Cisco explains in an advisory, exists because of the software's insecure deserialization of user supplied content.
Cisco also released a software update to address a high vulnerability in Prime Network Registrar that could be abused by a remote, unauthenticated attacker to cause a denial of service condition.
Cisco addressed medium risk vulnerabilities in AMP for Endpoints Mac Connector Software and AMP for Endpoints Linux Connector Software, which could be abused to cause a DoS condition or cause a crash and restart of the service.
Prime Collaboration Provisioning Software releases earlier than 12.6 SU2 were found impacted and Cisco says it is not aware of a workaround for this issue.
News URL
Related news
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- Critical Cisco ISE bug can let attackers run commands as root (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)