Security News > 2020 > May > Critical Cisco Bug in Unified CCX Allows Remote Code Execution
Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express.
Cisco's Unified CCX software is touted as a "Contact center in a box" that allows companies to deploy customer-care applications.
Those who are using Cisco Unified CCX version 12.0 and earlier are urged to update to the fixed release, 12.0(1)ES03.
Cisco is not aware of any public announcements or malicious use of the flaw, according to the update.
Also fixed were several medium-severity flaws, including a SQL injection flaw in Cisco's Prime Collaboration Provisioning Software, a DOS flaw in Cisco AMP for Endpoints Mac Connector Software and memory buffer flaws in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software.
News URL
https://threatpost.com/critical-cisco-rce-flaw-unified-ccx/155980/
Related news
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution (source)
- Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (source)
- Apache fixes critical OFBiz remote code execution vulnerability (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk (source)