CVE-2022-20658
published 2022-01-14

Priority: P263 · CVSS 3.1 base score 9.6 (critical)
Vector: AV:N / AC:L / PR:L / UI:N / S:C / C:H / I:H / A:N
EPSS: 1.39% (69.0th percentile)
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.

Affected (5 ranges)

Vendor   Product                                                                              Version range   Fixed in
cisco    cisco_unified_contact_center_domain_manager
cisco    unified_contact_center_express
cisco    unified_contact_center_express
cisco    unified_contact_center_management_portal                                             <= 11.6.1
cisco    unified_contact_center_management_portal_and_unified_contact_center_domain_manag

Detection & IOCs (extracted from sources)

  • Exploit requires an authenticated session with valid Advanced User credentials; monitor for privilege escalation attempts (e.g., Administrator account creation) originating from Advanced User accounts in Cisco Unified CCMP/CCDM web management interface.
  • Detect crafted HTTP requests to the Cisco Unified CCMP/CCDM web-based management interface that attempt to create Administrator accounts without proper server-side permission validation.
  • Alert on unexpected Administrator account creation events within Cisco Unified CCMP and associated Unified platforms, especially when initiated by non-Administrator (Advanced User) sessions.
  • The vulnerability is due to missing server-side validation of user permissions; client-side controls alone are insufficient and exploitation does not require any special network position — only valid Advanced User credentials.
  • There are no workarounds available; the only remediation is applying Cisco's software updates.
  • Cisco internal bug tracker reference for this vulnerability is CSCvz49473, which may be useful for correlating vendor patch notes and internal advisories.
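The detection points above reduce to one rule over the portal's audit trail: an Administrator account may only be created, or a user promoted to Administrator, by a session that already holds the Administrator role. The following is an added example, not code from this record or from Cisco. The log format, the field names (actor, role, action, target, target_role) and the sample lines are constructed for illustration, and a real deployment would need the parser adapted to the actual audit log format.

```python
"""Audit-log detection sketch for Administrator-creation by non-Administrator sessions.

Added example; assumes a hypothetical line-oriented audit log from the
Unified CCMP/CCDM web management interface with constructed fields.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical log format (constructed for this example):
# <timestamp> actor=<user> role=<actor role> action=<action> target=<user> target_role=<role>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+actor=(?P<actor>\S+)\s+role=(?P<role>\S+)\s+"
    r"action=(?P<action>\S+)\s+target=(?P<target>\S+)\s+target_role=(?P<target_role>\S+)$"
)

# Roles that grant full control of the portal and the associated Unified platforms.
PRIVILEGED_ROLES = {"Administrator"}
# Actions that can hand out a privileged role.
ESCALATING_ACTIONS = {"create_user", "change_role"}


@dataclass(frozen=True)
class Alert:
    ts: str
    actor: str
    actor_role: str
    action: str
    target: str
    reason: str


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the event fields, or None for lines that do not match the format."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def evaluate(event: Dict[str, str]) -> Optional[Alert]:
    """Flag a privileged role being granted by a non-Administrator session.

    This replays, over the audit trail, the server-side permission check the
    advisory says is missing: only an Administrator may create another
    Administrator or promote a user to that role.
    """
    grants_privilege = (
        event["action"] in ESCALATING_ACTIONS
        and event["target_role"] in PRIVILEGED_ROLES
    )
    if grants_privilege and event["role"] not in PRIVILEGED_ROLES:
        return Alert(
            ts=event["ts"],
            actor=event["actor"],
            actor_role=event["role"],
            action=event["action"],
            target=event["target"],
            reason=f"{event['role']} session granted {event['target_role']} via {event['action']}",
        )
    return None


def scan(lines: List[str]) -> List[Alert]:
    """Run the rule over a batch of log lines, skipping unparseable ones."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        alert = evaluate(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample log: one legitimate Administrator action, two escalations
# from Advanced User sessions, one benign Advanced User action, one malformed line.
SAMPLE_LOG = [
    "2022-01-14T09:00:01Z actor=ccmp_admin role=Administrator action=create_user target=ops_admin target_role=Administrator",
    "2022-01-14T09:05:12Z actor=adv_user1 role=AdvancedUser action=create_user target=new_admin target_role=Administrator",
    "2022-01-14T09:06:40Z actor=adv_user1 role=AdvancedUser action=create_user target=agent42 target_role=Supervisor",
    "2022-01-14T09:07:03Z actor=adv_user2 role=AdvancedUser action=change_role target=adv_user2 target_role=Administrator",
    "garbage line that does not match the expected format",
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert.ts} ALERT actor={alert.actor} ({alert.actor_role}) {alert.reason}")
```

Running the block against the constructed sample yields two alerts: the Advanced User session that created an Administrator account and the one that promoted itself. The Administrator-created account and the Supervisor account are left alone, which keeps the rule focused on the role boundary the advisory describes rather than on account creation in general.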

CVSS provenance

Source        Version   Score   Severity   Vector
nvd           v3.1      9.6     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
nvd           v2.0      8.5     HIGH       AV:N/AC:L/Au:S/C:C/I:C/A:N
vendor_cisco            9.6     CRITICAL