113 matches found
Deserialization of untrusted data
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affecte...
CVE-2020-3280
CVE-2020-3280 affects Cisco Unified Contact Center Express (Unified CCX) via insecure deserialization in the Java Remote Management Interface, enabling an unauthenticated, remote attacker to execute code as root by sending a malicious serialized Java object to a specific listener. Cisco’s advisor...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Critical Cisco Bug in Unified CCX Allows Remote Code Execution
Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express CCX. Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. Th...
Cisco Unified Contact Center Express Privilege Escalation Vulnerability
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...
CVE-2019-12633
CVE-2019-12633 refers to a Server-Side Request Forgery (SSRF) vulnerability in Cisco Unified Contact Center Express (Unified CCX). The root cause is improper validation of user-supplied input on the affected web interface, allowing an unauthenticated, remote attacker to bypass access controls and...
CVE-2019-12626
CVE-2019-12626 concerns Cisco Unified Contact Center Express (Unified CCX) and its web-based management interface. The issue is a stored cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input, exploitable when an authenticated attacker entices an adminis...
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
Lenovo Security Advisory: LEN-24443 Potential Impact: Elevation of Privilege, Denial of Service, Information Disclosure Severity: High Scope of Impact: Systems with specific versions of Intel® PROSet/Wireless WiFi Software CVE Identifier: CVE-2006-7250, CVE-2007-3108, CVE-2007-4995, CVE-2007-5135...
Intel® PROSet/Wireless WiFi Software Advisory
Summary: Multiple potential security vulnerabilities in Cisco Compatible eXtensions CCX component in Intel® PROSet/Wireless WiFi Software may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing PROSet/Wireless WiFi Software updates to mitigate this...
CVE-2018-0401
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. Cisco Bug IDs: CSCvg70967...
CVE-2018-0402
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack. Cisco Bug IDs: CSCvg70921...
CVE-2018-0403
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040...
Cross site request forgery (csrf)
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack. Cisco Bug IDs: CSCvg70921...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. Cisco Bug IDs: CSCvg70904...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. Cisco Bug IDs: CSCvg70967...
CVE-2018-0403
CVE-2018-0403 affects Cisco Unified Contact Center Express (Unified CCX) through its web-based management interface. The root cause is the web UI pre-populating the login form password field with previously stored passwords from an internal database, enabling an unauthenticated, remote attacker t...
CVE-2018-0402
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack. Cisco Bug IDs: CSCvg70921...
CVE-2018-0400
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. Cisco Bug IDs: CSCvg70904...
CVE-2014-2102
Cisco Unified Contact Center Express Unified CCX does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express Unified CCX allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502...