Cisco

Unified Contact Center Express

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-20377

  • EPSS 0.05%
  • Veröffentlicht 05.11.2025 16:31:52
  • Zuletzt bearbeitet 06.11.2025 19:45:30

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certai...

7.2

CVE-2025-20375

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 05.11.2025 16:31:43
  • Zuletzt bearbeitet 17.11.2025 19:40:23

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker c...

7.2

CVE-2025-20376

Medienbericht
  • EPSS 0.06%
  • Veröffentlicht 05.11.2025 16:31:38
  • Zuletzt bearbeitet 17.11.2025 19:39:35

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker...

4.9

CVE-2025-20374

Medienbericht
  • EPSS 0.26%
  • Veröffentlicht 05.11.2025 16:31:23
  • Zuletzt bearbeitet 17.11.2025 19:40:48

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific ...

9.8

CVE-2025-20358

Medienbericht
  • EPSS 0.4%
  • Veröffentlicht 05.11.2025 16:31:23
  • Zuletzt bearbeitet 07.11.2025 15:43:44

A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. ...

9.8

CVE-2025-20354

Medienbericht
  • EPSS 0.14%
  • Veröffentlicht 05.11.2025 16:31:14
  • Zuletzt bearbeitet 07.11.2025 15:44:35

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vuln...

5.3

CVE-2025-20288

Medienbericht
  • EPSS 0.01%
  • Veröffentlicht 16.07.2025 16:16:55
  • Zuletzt bearbeitet 22.07.2025 14:40:58

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due...

8.8

CVE-2025-20274

Medienbericht
  • EPSS 0.22%
  • Veröffentlicht 16.07.2025 16:16:28
  • Zuletzt bearbeitet 22.07.2025 14:37:11

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files tha...

4.8

CVE-2025-20279

  • EPSS 0.03%
  • Veröffentlicht 04.06.2025 16:18:20
  • Zuletzt bearbeitet 22.07.2025 13:41:39

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative ...

6.7

CVE-2025-20278

  • EPSS 0.01%
  • Veröffentlicht 04.06.2025 16:18:20
  • Zuletzt bearbeitet 31.07.2025 15:02:05

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability i...