Security News > 2020 > May > Critical Cisco Bug in Unified CCX Allows Remote Code Execution
Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express.
Cisco's Unified CCX software is touted as a "Contact center in a box" that allows companies to deploy customer-care applications.
Those who are using Cisco Unified CCX version 12.0 and earlier are urged to update to the fixed release, 12.0(1)ES03.
Cisco is not aware of any public announcements or malicious use of the flaw, according to the update.
Also fixed were several medium-severity flaws, including a SQL injection flaw in Cisco's Prime Collaboration Provisioning Software, a DOS flaw in Cisco AMP for Endpoints Mac Connector Software and memory buffer flaws in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software.
News URL
https://threatpost.com/critical-cisco-rce-flaw-unified-ccx/155980/
Related news
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- Critical Cisco ISE bug can let attackers run commands as root (source)
- Critical flaws in Mongoose library expose MongoDB to data thieves, code execution (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)