Cisco fixes critical RCE flaw in call center solution
Cisco has patched a critical remote code execution hole in Cisco Unified Contact Center Express, its "Contact center in a box" solution, and is urging administrators to upgrade to a fixed software version.
"The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device," Cisco explained.
Another piece of good news is that Cisco Talos released Snort rules for protecting against exploitation of the flaw.
According to Cisco, its Cisco Unified Contact Center - a solution for much larger customer contact centers - is not affected by CVE-2020-3280.
In the last couple of days, Cisco has also squashed two high-risk DoS vulnerabilities - one affecting its MDS 9000 Series Multilayer Switches and the other affecting Cisco Prime Network Registrar, a DNS, DHCP and IP address management appliance - and three of medium severity affecting Cisco Prime Collaboration Provisioning Software, Cisco AMP for Endpoints Mac Connector Software, and Cisco AMP for Endpoints Linux Connector Software.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/gX40pMwonIg/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-22 | CVE-2020-3280 | Deserialization of Untrusted Data vulnerability in Cisco Unified Contact Center Express 12.0/12.0(1) A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. | 9.8 |