CVE-2022-20658
published 2022-01-14
Priority P263 · critical · CVSS 3.1: 9.6
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS: 1.39% (69.0th percentile)
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_unified_contact_center_domain_manager | — | — |
| cisco | unified_contact_center_express | — | — |
| cisco | unified_contact_center_express | — | — |
| cisco | unified_contact_center_management_portal | <= 11.6.1 | — |
| cisco | unified_contact_center_management_portal_and_unified_contact_center_domain_manag | — | — |
Detection & IOCs
- Exploit requires an authenticated session with valid Advanced User credentials; monitor for privilege escalation attempts (e.g., Administrator account creation) originating from Advanced User accounts in Cisco Unified CCMP/CCDM web management interface.
- Detect crafted HTTP requests to the Cisco Unified CCMP/CCDM web-based management interface that attempt to create Administrator accounts without proper server-side permission validation.
- Alert on unexpected Administrator account creation events within Cisco Unified CCMP and associated Unified platforms, especially when initiated by non-Administrator (Advanced User) sessions.
- The vulnerability is due to missing server-side validation of user permissions; client-side controls alone are insufficient and exploitation does not require any special network position — only valid Advanced User credentials.
- There are no workarounds available; the only remediation is applying Cisco's software updates.
- Cisco internal bug tracker reference for this vulnerability is CSCvz49473, which may be useful for correlating vendor patch notes and internal advisories.
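CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
| nvd | v2.0 | 8.5 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:N |
| vendor_cisco | — | 9.6 | CRITICAL | — |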
Cisco
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
vendor_cisco·2022-01-12·CVSS 9.6
CVE-2022-20658 [CRITICAL] CWE-602 Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
GHSA
GHSA-862p-mjj9-4wcq: A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Cente
ghsa_unreviewed·2022-01-15
CVE-2022-20658 [CRITICAL] CWE-669 GHSA-862p-mjj9-4wcq: A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Cente
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-01-14