The CVE-2020-3280 vulnerability is a remote code execution issue that resides in the Java remote management interface for Unified CCE.
“A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device,” reads the security advisory published by Cisco.
“The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system.”
An unauthenticated, remote attacker could exploit the issue to execute arbitrary code as the root user on a vulnerable device.
The issue could be exploited by supplying a malformed Java object to a specific listener on a vulnerable system.
Administrators should update their Unified CCE installs as soon as possible.
The good news is that Cisco is not aware of attacks in the wild that exploited the flaw.
(SecurityAffairs – Unified CCE, hacking)