Cisco Unified Contact Center Enterprise vulnerabilities

10 known vulnerabilities affecting cisco/cisco_unified_contact_center_enterprise.

Total CVEs
10
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2026-20055MEDIUMCVSS 4.8v12.6(1)ES3v12.6(1)ES1+20 more2026-01-21
CVE-2026-20055 [MEDIUM] CWE-79 CVE-2026-20055: Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Ente Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Th
cvelistv5nvd
CVE-2026-20109MEDIUMCVSS 4.8v12.6(1)ES3v12.6(1)ES1+21 more2026-01-21
CVE-2026-20109 [MEDIUM] CWE-79 CVE-2026-20109: Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Ente Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Th
cvelistv5nvd
CVE-2025-20377MEDIUMCVSS 4.3v12.6(1)ES3v12.6(1)ES1+19 more2025-11-05
CVE-2025-20377 [MEDIUM] CWE-200 CVE-2025-20377: A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticat A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific
cvelistv5nvd
CVE-2025-20242CRITICALCVSS 9.1vN/A2025-05-21
CVE-2025-20242 [CRITICAL] CWE-284 CVE-2025-20242: A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) coul A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific
cvelistv5nvd
CVE-2024-20404MEDIUMCVSS 5.3PoCvN/A2024-06-05
CVE-2024-20404 [MEDIUM] CWE-918 CVE-2024-20404: A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticate A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerabilit
cvelistv5nvd
CVE-2024-20405MEDIUMCVSS 6.1vN/A2024-06-05
CVE-2024-20405 [MEDIUM] CWE-20 CVE-2024-20405: A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticate A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit
cvelistv5nvd
CVE-2024-20253CRITICALCVSS 10.0vN/A2024-01-26
CVE-2024-20253 [CRITICAL] CWE-502 CVE-2024-20253: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by se
cvelistv5nvd
CVE-2023-20088HIGHCVSS 7.5vn/a2023-03-03
CVE-2023-20088 [HIGH] CWE-285 CVE-2023-20088: A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the revers
cvelistv5nvd
CVE-2023-20058MEDIUMCVSS 6.1vN/A2023-01-20
CVE-2023-20058 [MEDIUM] CWE-79 CVE-2023-20058: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could all A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An att
cvelistv5nvd
CVE-2020-3163MEDIUMCVSS 5.9≥ unspecified, < n/a2020-02-19
CVE-2020-3163 [MEDIUM] CWE-362 CVE-2020-3163: A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an un A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit t
cvelistv5nvd