CVE-2020-3280

Cisco Unified Contact Center Express Remote Code Execution Vulnerability

CVSS 9.8 CRITICALEPSS 6.9%CWE-20

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.8EPSS 6.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

22 mai 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Cisco · Cisco Unified Contact Center Express

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-rce-GMSC6RKN