Vulnerabilities > Cisco > Unified Contact Center Express > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-01-26 CVE-2024-20253 Unspecified vulnerability in Cisco products
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
network
low complexity
cisco
critical
10.0
2022-01-14 CVE-2022-20658 Incorrect Resource Transfer Between Spheres vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator.
network
low complexity
cisco CWE-669
critical
9.6
2021-12-10 CVE-2021-44228 Deserialization of Untrusted Data vulnerability in multiple products
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
10.0
2020-05-22 CVE-2020-3280 Deserialization of Untrusted Data vulnerability in Cisco Unified Contact Center Express 12.0/12.0(1)
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
network
low complexity
cisco CWE-502
critical
9.8
2018-07-18 CVE-2018-0403 Server-Side Request Forgery (SSRF) vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password.
network
low complexity
cisco CWE-918
critical
9.8
2017-11-16 CVE-2017-12337 Improper Authentication vulnerability in Cisco products
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device.
network
low complexity
cisco CWE-287
critical
9.8