Critical Cisco Contact Center Bug Threatens Customer-Service Havoc
Security News, January 2022
A critical security bug affecting Cisco's Unified Contact Center Enterprise portfolio could allow privilege escalation and platform takeover.
The bug in question is a particularly nasty one, with a critical rating of 9.6 out of 10 on the CVSS vulnerability-severity scale, and could allow authenticated, remote attackers to elevate their privileges to administrator, with the ability to create other administrator accounts.
It specifically exists in the web-based management interface of Cisco Unified Contact Center Management Portal and Cisco Unified Contact Center Domain Manager and stems from the fact that the server relies on authentication mechanisms handled by the client side.
The CCMP is a management tool that gives contact-center supervisors the ability to move, add and change agents working in different areas of the contact center between different call queues, brands, product lines and more.
Armed with additional admin accounts, attackers could access and modify telephony and user resources across all of the platforms that are associated with the vulnerable Cisco Unified CCMP, Cisco warned.
In 2020, a critical bug in Cisco's "Contact center in-a-box" platform, Unified Contact Center Express, was found to allow remote code execution.
News URL
https://threatpost.com/critical-cisco-contact-center-bug/177681/
Related news
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system