CVE-2019-1888: Unrestricted File Upload in Cisco Unified Contact Center Express

Severity
7.2 HIGH (NVD)
EPSS
1.5%
top 19.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 23
Latest update: May 24

Description

A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files contain

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages: 3 packages

NVD: cisco/unified_contact_center_express 11.6(1), 11.6(2), 12.0(1) +2

🔴 Vulnerability Details

2
GHSA
GHSA-93x8-xp39-6r6f: A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacke 2022-05-24
CVEList
Cisco Unified Contact Center Express Privilege Escalation Vulnerability 2020-09-23

📋 Vendor Advisories

1
Cisco
Cisco Unified Contact Center Express Privilege Escalation Vulnerability 2020-02-19