Cisco Unified Contact Center Express vulnerabilities
44 known vulnerabilities affecting cisco/unified_contact_center_express.
Total CVEs: 44
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 16, MEDIUM 21
Vulnerabilities
Page 1 of 3
CVE-2025-20358 | CRITICAL | CVSS 9.8 | fixed in 12.5(1)_su03_es07 | v15.0 | 2025-11-05
CVE-2025-20358 [CRITICAL] CWE-306
A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution.
This vulnerability is due to improper authentication mechanisms in the communication between the CCX
nvd
CVE-2025-20354 | CRITICAL | CVSS 9.8 | fixed in 12.5(1)_su03_es07 | v15.0 | 2025-11-05
CVE-2025-20354 [CRITICAL] CWE-434
A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system.
This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified C
nvd
CVE-2025-20375 | HIGH | CVSS 7.2 | fixed in 12.5(1)_su03_es07 | v15.0 | 2025-11-05
CVE-2025-20375 [MEDIUM] CWE-434
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files.
This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a crafted file to the web UI. A successful exploit could al
nvd
CVE-2025-20376 | HIGH | CVSS 7.2 | fixed in 12.5(1)_su03_es07 | v15.0 | 2025-11-05
CVE-2025-20376 [MEDIUM] CWE-434
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files.
This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a malicious file to the web UI and executing it. A succes
nvd
CVE-2025-20374 | MEDIUM | CVSS 4.9 | fixed in 12.5(1)_su03_es07 | v15.0 | 2025-11-05
CVE-2025-20374 [MEDIUM] CWE-22
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources.
This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A s
nvd
CVE-2025-20274 | HIGH | CVSS 8.8 | v10.5(1), v10.5(1)su1 +54 more | 2025-07-16
CVE-2025-20274 [MEDIUM] CWE-434
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by u
nvd
CVE-2025-20288 | MEDIUM | CVSS 5.3 | v10.5(1), v10.5(1)su1 +54 more | 2025-07-16
CVE-2025-20288 [MEDIUM] CWE-918
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.
This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability
nvd
CVE-2025-20275 | HIGH | CVSS 7.8 | v8.5(1), v9.0(2)su3es04 +58 more | 2025-06-04
CVE-2025-20275 [MEDIUM] CWE-502
A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.
This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading a
nvd
CVE-2025-20276 | HIGH | CVSS 7.2 | v8.5(1), v9.0(2)su3es04 +58 more | 2025-06-04
CVE-2025-20276 [LOW] CWE-502
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insecure deserialization of Java objects by the affected software.
nvd
CVE-2025-20278 | MEDIUM | CVSS 6.7 | v8.5(1), v9.0(2)su3es04 +58 more | 2025-06-04
CVE-2025-20278 [MEDIUM] CWE-77
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.
This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerab
nvd
CVE-2025-20129 | MEDIUM | CVSS 5.4 | v8.5(1), v9.0(2)su3es04 +58 more | 2025-06-04
CVE-2025-20129 [MEDIUM] CWE-200
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.
This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could
nvd
CVE-2025-20279 | MEDIUM | CVSS 4.8 | v8.5(1), v9.0(2)su3es04 +58 more | 2025-06-04
CVE-2025-20279 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to improper sanitization of user input to the web-based manage
nvd
CVE-2025-20277 | MEDIUM | CVSS 6.7 | v8.5(1), v9.0(2)su3es04 +58 more | 2025-06-04
CVE-2025-20277 [LOW] CWE-22
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to improper limitation of a pathname to a restricted directory (path tr
nvd
CVE-2025-20113 | HIGH | CVSS 7.1 | v8.5(1), v9.0(2)su3es04 +58 more | 2025-05-21
CVE-2025-20113 [HIGH] CWE-602
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.
This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerabili
nvd
CVE-2025-20114 | MEDIUM | CVSS 4.3 | v8.5(1), v9.0(2)su3es04 +58 more | 2025-05-21
CVE-2025-20114 [MEDIUM] CWE-639
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system.
This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted
nvd
CVE-2024-20253 | CRITICAL | CVSS 10.0 | v12.5(1) | 2024-01-26
CVE-2024-20253 [CRITICAL] CWE-502
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by se
nvd
CVE-2023-20232 | MEDIUM | CVSS 5.3 | fixed in 12.5(1)_su2_es05 | 2023-08-16
CVE-2023-20232 [MEDIUM] CWE-20
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device.
This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP re
nvd
CVE-2023-20096 | MEDIUM | CVSS 5.4 | fixed in 12.5(1)su3 | 2023-04-05
CVE-2023-20096 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering craf
nvd
CVE-2023-20058 | MEDIUM | CVSS 6.1 | fixed in 12.5(1)_su2_es05 | ≥ 12.5(1)_su2, < 12.5(1)_su2_es05 | 2023-01-20
CVE-2023-20058 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An att
nvd
CVE-2022-20658 | CRITICAL | CVSS 9.6 | v12.0.1, v12.5.1 | 2022-01-14
CVE-2022-20658 [CRITICAL] CWE-602
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user per
nvd