Severity
9.8 CRITICAL
EPSS
6.3%
top 9.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 22
Latest update: May 24

Description

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to exe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-7qv8-fcr4-9523: A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote a (2022-05-24)
CVEList
Cisco Unified Contact Center Express Remote Code Execution Vulnerability (2020-05-22)

📋 Vendor Advisories (1)

Cisco
Cisco Unified Contact Center Express Remote Code Execution Vulnerability (2020-05-20)
CVE-2020-3280 (CRITICAL CVSS 9.8) | A vulnerability in the Java Remote | cvebase.io