Cisco Unified Contact Center Express Remote Code Execution Vulnerability
CVE-2020-3280

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Unified Contact Center Express
Vendor: CVE Published:; 22 May 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device.

Affected Version(s)

Cisco Unified Contact Center Express

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
May 22, 2020
Vulnerability Reserved
Dec 12, 2019