Security News > 2020 > May > Cisco Patches Critical Vulnerability in Contact Center Software
Cisco this week released security patches to address several vulnerabilities in its products, including a critical severity bug in its Unified Contact Center Express software.
The issue, Cisco explains in an advisory, exists because of the software's insecure deserialization of user supplied content.
Cisco also released a software update to address a high vulnerability in Prime Network Registrar that could be abused by a remote, unauthenticated attacker to cause a denial of service condition.
Cisco addressed medium risk vulnerabilities in AMP for Endpoints Mac Connector Software and AMP for Endpoints Linux Connector Software, which could be abused to cause a DoS condition or cause a crash and restart of the service.
Prime Collaboration Provisioning Software releases earlier than 12.6 SU2 were found impacted and Cisco says it is not aware of a workaround for this issue.
News URL
Related news
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)