Cisco Unified Intelligence Center vulnerabilities

CVE-2025-20377 [MEDIUM] CWE-200 CVE-2025-20377: A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticat A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific

CVE-2025-20274 [MEDIUM] CWE-434 CVE-2025-20274: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could all A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by u

CVE-2025-20288 [MEDIUM] CWE-918 CVE-2025-20288: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could all A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability

CVE-2025-20278 [MEDIUM] CWE-77 CVE-2025-20278: A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenti A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerab

CVE-2025-20113 [HIGH] CWE-602 CVE-2025-20113: A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker t A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerabili

CVE-2025-20112 [MEDIUM] CWE-268 CVE-2025-20112: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing craf

CVE-2025-20114 [MEDIUM] CWE-639 CVE-2025-20114: A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted

CVE-2024-20325 [MEDIUM] CWE-284 CVE-2024-20325: A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthen A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker coul

CVE-2023-20062 [MEDIUM] CWE-200 CVE-2023-20062: Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote a Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

CVE-2023-20061 [MEDIUM] CWE-200 CVE-2023-20061: Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote a Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

CVE-2023-20058 [MEDIUM] CWE-79 CVE-2023-20058: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could all A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An att

CVE-2019-1860 [MEDIUM] CWE-99 CVE-2019-1860: A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow a A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by fo

CVE-2019-1658 [MEDIUM] CWE-352 CVE-2019-1658: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could all A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacke