Cisco Packaged Contact Center Enterprise vulnerabilities

4 known vulnerabilities affecting cisco/packaged_contact_center_enterprise.

Total CVEs

4

CISA KEV

1

actively exploited

Public exploits

1

Exploited in wild

1

Severity breakdown

CRITICAL1HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2023-20058MEDIUMCVSS 6.1≥ 9.0\(1\), < 12.5\(1\)_su2_es05≥ 12.5\(1\)_su2, < 12.5\(1\)_su2_es052023-01-20

CVE-2023-20058 [MEDIUM] CWE-79 CVE-2023-20058: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could all A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An att

CVE-2021-44228CRITICALCVSS 10.0KEVPoCfixed in 11.6v11.6\(1\)2021-12-10

CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD

CVE-2018-0445HIGHCVSS 8.8v11.6\(1\)2018-10-05

CVE-2018-0445 [HIGH] CWE-352 CVE-2018-0445: A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise co A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker

CVE-2018-0444MEDIUMCVSS 6.1v11.6\(1\)2018-10-05

CVE-2018-0444 [MEDIUM] CWE-352 CVE-2018-0444: A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise co A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit thi