CVE-2020-3267 — Improper Authorization in Cisco Unified Contact Center Express

CWE-285 — Improper Authorization CWE-552 — Files or Directories Accessible to External Parties4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.3%

top 44.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Contact Center Express Cisco Unified Contact Center Express

Timeline

PublishedJun 3

Latest updateMay 24

Description

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

▶NVDcisco/unified_contact_center_express< 12.5\(1\)

▶CVEListV5cisco/cisco_unified_contact_center_expressn/a

🔴Vulnerability Details

GHSA

GHSA-9vch-84p9-292x: A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the↗2022-05-24

▶

CVEList

Cisco Unified Contact Center Express Improper API Authorization Vulnerability↗2020-06-03

▶

📋Vendor Advisories

Cisco

Cisco Unified Contact Center Express Improper API Authorization Vulnerability↗2020-06-03

▶