CVE-2022-20658

CWE-602 CWE-6694 documents4 sources

Severity

9.6CRITICAL

EPSS

0.3%

top 50.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Contact Center Management Portal Cisco Cisco Unified Contact Center Domain Manager Cisco Unified Contact Center Express

Timeline

PublishedJan 14

Latest updateJan 15

Description

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow th…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:NExploitability: 3.1 | Impact: 5.8

Affected Packages3 packages

▶NVDcisco/unified_contact_center_management_portal11.6.1

▶CVEListV5cisco/cisco_unified_contact_center_domain_managern/a

▶NVDcisco/unified_contact_center_express12.0.1, 12.5.1+1

🔴Vulnerability Details

GHSA

GHSA-862p-mjj9-4wcq: A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Cente↗2022-01-15

▶

CVEList

Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability↗2022-01-14

▶

📋Vendor Advisories

Cisco

Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability↗2022-01-12

▶