
Cisco fixes critical RCE flaw in call center solution
2020-05-22 09:36

Cisco has patched a critical remote code execution hole in Cisco Unified Contact Center Express, its "Contact center in a box" solution, and is urging administrators to upgrade to a fixed software version.

"The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device," Cisco explained.

Another piece of good news is that Cisco Talos released Snort rules for protecting against exploitation of the flaw.

According to Cisco, its Cisco Unified Contact Center - a solution for much larger customer contact centers - is not affected by CVE-2020-3280.

In the last couple of days, Cisco has also squashed two high-risk DoS vulnerabilities - one affecting its MDS 9000 Series Multilayer Switches and the other affecting Cisco Prime Network Registrar, a DNS, DHCP and IP address management appliance - and three of medium severity affecting Cisco Prime Collaboration Provisioning Software, Cisco AMP for Endpoints Mac Connector Software, and Cisco AMP for Endpoints Linux Connector Software.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/gX40pMwonIg/

Related Vulnerability

DATE: 2020-05-22
CVE: CVE-2020-3280
VULNERABILITY TITLE: Deserialization of Untrusted Data vulnerability in Cisco Unified Contact Center Express 12.0/12.0(1)
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
network, low complexity, cisco, CWE-502
RISK: critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751