Cisco Unified Contact Center Express vulnerabilities

36 known vulnerabilities affecting cisco/cisco_unified_contact_center_express.

Total CVEs: 36
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 9, MEDIUM 23

Vulnerabilities

Page 1 of 2
CVE-2026-20116 | MEDIUM | CVSS 6.1 | v10.5(1)SU1, v10.6(1) +60 more | 2026-03-11
CVE-2026-20116 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct cross-site scriptin
Sources: cvelistv5, nvd
CVE-2026-20117 | MEDIUM | CVSS 6.1 | v10.5(1)SU1, v10.6(1) +60 more | 2026-03-11
CVE-2026-20117 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the web-based management interface of an affected system does not sufficiently val
Sources: cvelistv5, nvd
CVE-2025-20358 | CRITICAL | CVSS 9.8 | v10.5(1)SU1, v10.6(1) +55 more | 2025-11-05
CVE-2025-20358 [CRITICAL] CWE-306: A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authentication mechanisms in the communication between the CCX
Sources: cvelistv5, nvd
CVE-2025-20354 | CRITICAL | CVSS 9.8 | v10.5(1)SU1, v10.6(1) +55 more | 2025-11-05
CVE-2025-20354 [CRITICAL] CWE-434: A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified C
Sources: cvelistv5, nvd
CVE-2025-20375 | HIGH | CVSS 7.2 | v10.5(1)SU1, v10.6(1) +55 more | 2025-11-05
CVE-2025-20375 [MEDIUM] CWE-434: A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a crafted file to the web UI. A successful exploit could al
Sources: cvelistv5, nvd
CVE-2025-20376 | HIGH | CVSS 7.2 | v10.5(1)SU1, v10.6(1) +55 more | 2025-11-05
CVE-2025-20376 [MEDIUM] CWE-434: A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a malicious file to the web UI and executing it. A succes
Sources: cvelistv5, nvd
CVE-2025-20377 | MEDIUM | CVSS 4.3 | v10.5(1)SU1, v10.6(1) +55 more | 2025-11-05
CVE-2025-20377 [MEDIUM] CWE-200: A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific
Sources: cvelistv5, nvd
CVE-2025-20374 | MEDIUM | CVSS 4.9 | v10.5(1)SU1, v10.6(1) +55 more | 2025-11-05
CVE-2025-20374 [MEDIUM] CWE-22: A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A s
Sources: cvelistv5, nvd
CVE-2025-20274 | HIGH | CVSS 8.8 | v10.6(1), v10.5(1)SU1 +54 more | 2025-07-16
CVE-2025-20274 [MEDIUM] CWE-434: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by u
Sources: cvelistv5, nvd
CVE-2025-20288 | MEDIUM | CVSS 5.3 | v10.6(1), v10.5(1)SU1 +54 more | 2025-07-16
CVE-2025-20288 [MEDIUM] CWE-918: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability
Sources: cvelistv5, nvd
CVE-2025-20275 | HIGH | CVSS 7.8 | v10.6(1), v10.5(1)SU1 +58 more | 2025-06-04
CVE-2025-20275 [MEDIUM] CWE-502: A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading a
Sources: cvelistv5, nvd
CVE-2025-20276 | HIGH | CVSS 7.2 | v10.6(1), v10.5(1)SU1 +58 more | 2025-06-04
CVE-2025-20276 [LOW] CWE-502: A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insecure deserialization of Java objects by the affected software.
Sources: cvelistv5, nvd
CVE-2025-20278 | MEDIUM | CVSS 6.7 | v10.6(1), v10.5(1)SU1 +58 more | 2025-06-04
CVE-2025-20278 [MEDIUM] CWE-77: A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerab
Sources: cvelistv5, nvd
CVE-2025-20279 | MEDIUM | CVSS 4.8 | v10.6(1), v10.5(1)SU1 +58 more | 2025-06-04
CVE-2025-20279 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based manage
Sources: cvelistv5, nvd
CVE-2025-20129 | MEDIUM | CVSS 5.4 | v10.6(1), v10.5(1)SU1 +58 more | 2025-06-04
CVE-2025-20129 [MEDIUM] CWE-200: A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could
Sources: cvelistv5, nvd
CVE-2025-20277 | MEDIUM | CVSS 6.7 | v10.6(1), v10.5(1)SU1 +58 more | 2025-06-04
CVE-2025-20277 [LOW] CWE-22: A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path tr
Sources: cvelistv5, nvd
CVE-2025-20113 | HIGH | CVSS 7.1 | v10.6(1), v10.5(1)SU1 +58 more | 2025-05-21
CVE-2025-20113 [HIGH] CWE-602: A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerabili
Sources: cvelistv5, nvd
CVE-2025-20112 | MEDIUM | CVSS 5.1 | v10.5(1)SU1, v10.6(1) +59 more | 2025-05-21
CVE-2025-20112 [MEDIUM] CWE-268: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing craf
Sources: cvelistv5, nvd
CVE-2025-20114 | MEDIUM | CVSS 4.3 | v10.6(1), v10.5(1)SU1 +58 more | 2025-05-21
CVE-2025-20114 [MEDIUM] CWE-639: A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted
Sources: cvelistv5, nvd
CVE-2024-20404 | MEDIUM | CVSS 5.3 | PoC | vN/A | 2024-06-05
CVE-2024-20404 [HIGH] CWE-918: A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability
Sources: cvelistv5, nvd