4.3
CVE-2025-20377
- EPSS 0.05%
- Published 05.11.2025 16:31:52
- Last modified 06.11.2025 19:45:30
- Source psirt@cisco.com
A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system.
Linked by AI from unstructured data to existing CPEs in the NVD.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Cisco
Product: Cisco Packaged Contact Center Enterprise
Default status: unknown

| Version | Status |
|---|---|
| 12.5(1) | affected |
| 11.0(1) | affected |
| 12.0(1) | affected |
| 11.0(2) | affected |
| 11.5(1) | affected |
| 10.5(1) | affected |
| 10.5(2) | affected |
| 11.6(2) | affected |
| 10.5(1)_ES7 | affected |
| 11.6(1) | affected |
| 10.5(2)_ES8 | affected |
| 12.6(1) | affected |
| 12.5(2) | affected |
| 12.6(2) | affected |
| 15.0(1) | affected |

Vendor: Cisco
Product: Cisco Unified Contact Center Enterprise
Default status: unknown

| Version | Status |
|---|---|
| 12.6(1)ES3 | affected |
| 12.6(1)ES1 | affected |
| 12.6(1) | affected |
| 12.6(1)ES2 | affected |
| 12.6(1)SecurityPatch | affected |
| 12.5(1)ES1 | affected |
| 12.5(1) | affected |
| 12.6(1)ES4 | affected |
| 11.0(1) | affected |
| 10.5(1) | affected |
| 12.0(1) | affected |
| 10.5 | affected |
| 11.0 | affected |
| 11.5 | affected |
| 12.6(2) | affected |
| 12.6(2)ES1 | affected |
| 12.6(2)ES2 | affected |
| 15.0(1) | affected |
| 12.6(2)ES3 | affected |
| 15.0(1)ET01 | affected |
| 15.0(1)_SP1 | affected |

Vendor: Cisco
Product: Cisco Unified Contact Center Express
Default status: unknown

| Version | Status |
|---|---|
| 10.5(1)SU1 | affected |
| 10.6(1) | affected |
| 11.6(1) | affected |
| 10.6(1)SU1 | affected |
| 10.6(1)SU3 | affected |
| 11.6(2) | affected |
| 12.0(1) | affected |
| 11.0(1)SU1 | affected |
| 11.5(1)SU1 | affected |
| 10.5(1) | affected |
| 12.5(1) | affected |
| 12.5(1)SU1 | affected |
| 12.5(1)SU2 | affected |
| 12.5(1)SU3 | affected |
| 12.5(1)_SU03_ES01 | affected |
| 12.5(1)_SU03_ES02 | affected |
| 12.5(1)_SU02_ES03 | affected |
| 12.5(1)_SU02_ES04 | affected |
| 12.5(1)_SU02_ES02 | affected |
| 12.5(1)_SU01_ES02 | affected |
| 12.5(1)_SU01_ES03 | affected |
| 12.5(1)_SU02_ES01 | affected |
| 11.6(2)ES07 | affected |
| 11.6(2)ES08 | affected |
| 12.5(1)_SU01_ES01 | affected |
| 12.0(1)ES04 | affected |
| 12.5(1)ES02 | affected |
| 12.5(1)ES03 | affected |
| 11.6(2)ES06 | affected |
| 12.5(1)ES01 | affected |
| 12.0(1)ES03 | affected |
| 12.0(1)ES01 | affected |
| 11.6(2)ES05 | affected |
| 12.0(1)ES02 | affected |
| 11.6(2)ES04 | affected |
| 11.6(2)ES03 | affected |
| 11.6(2)ES02 | affected |
| 11.6(2)ES01 | affected |
| 10.6(1)SU3ES03 | affected |
| 11.0(1)SU1ES03 | affected |
| 10.6(1)SU3ES01 | affected |
| 10.5(1)SU1ES10 | affected |
| 11.5(1)SU1ES03 | affected |
| 11.6(1)ES02 | affected |
| 11.5(1)ES01 | affected |
| 10.6(1)SU2 | affected |
| 10.6(1)SU2ES04 | affected |
| 11.6(1)ES01 | affected |
| 10.6(1)SU3ES02 | affected |
| 11.5(1)SU1ES02 | affected |
| 11.5(1)SU1ES01 | affected |
| 11.0(1)SU1ES02 | affected |
| 12.5(1)_SU03_ES03 | affected |
| 12.5(1)_SU03_ES04 | affected |
| 12.5(1)_SU03_ES05 | affected |
| UCCX 15.0.1 | affected |
| 12.5(1)_SU03_ES06 | affected |

Vendor: Cisco
Product: Cisco Unified Intelligence Center
Default status: unknown

| Version | Status |
|---|---|
| 11.6(1) | affected |
| 10.5(1) | affected |
| 11.0(1) | affected |
| 11.5(1) | affected |
| 12.0(1) | affected |
| 12.5(1) | affected |
| 11.0(2) | affected |
| 12.6(1) | affected |
| 12.5(1)SU | affected |
| 12.6(1)_ET | affected |
| 12.6(1)_ES05_ET | affected |
| 11.0(3) | affected |
| 12.6(2) | affected |
| 12.6(2)_504_Issue_ET | affected |
| 12.6.1_ExcelIssue_ET | affected |
| 12.6(2)_Permalink_ET | affected |
| 12.6.2_CSCwk19536_ET | affected |
| 12.6.2_CSCwm96922_ET | affected |
| 12.6.2_Amq_OOS_ET | affected |
| 12.5(2)ET_CSCwi79933 | affected |
| 12.6(2)_ET | affected |
| 12.6.2_CSCwn48501_ET | affected |
| 15.0(1) | affected |
| 12.6.2_CSCwp61293_ET | affected |
| 12.6.2_CSCwp92614_ET | affected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.15 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.