Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for Cisco Packaged Contact Center Enterprise by Cisco

    CVE-2026-20109 (GCVE-0-2026-20109)

    Vulnerability from nvd – Published: 2026-01-21 16:26 – Updated: 2026-01-21 16:46
    VLAI
    Title
    Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.  These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Packaged Contact Center Enterprise Affected: 12.5(1)
    Affected: 11.0(1)
    Affected: 12.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 11.6(2)
    Affected: 10.5(1)_ES7
    Affected: 11.6(1)
    Affected: 10.5(2)_ES8
    Affected: 12.6(1)
    Affected: 12.5(2)
    Affected: 12.6(2)
    Affected: 15.0(1)
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Enterprise Affected: 12.6(1)ES3
    Affected: 12.6(1)ES1
    Affected: 12.6(1)
    Affected: 12.6(1)ES2
    Affected: 12.6(1)SecurityPatch
    Affected: 12.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.6(1)ES4
    Affected: 11.0(1)
    Affected: 10.5(1)
    Affected: 12.0(1)
    Affected: 10.5
    Affected: 11.0
    Affected: 11.5
    Affected: 12.6(2)
    Affected: 12.6(2)ES1
    Affected: 12.6(2)ES2
    Affected: 15.0(1)
    Affected: 12.6(2)ES3
    Affected: 15.0(1)ET01
    Affected: 15.0(1)_SP1
    Affected: 15.0(1)ES202508
    Affected: 12.6(2)_ES
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-21T16:45:34.998195Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-21T16:46:11.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SecurityPatch"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "11.5"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ET01"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)_SP1"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ES202508"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\u0026nbsp;\r\n\r\nThese vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-21T16:26:19.268Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ucce-pcce-xss-2JVyg3uD",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ucce-pcce-xss-2JVyg3uD",
            "defects": [
              "CSCwr61043"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20109",
        "datePublished": "2026-01-21T16:26:19.268Z",
        "dateReserved": "2025-10-08T11:59:15.374Z",
        "dateUpdated": "2026-01-21T16:46:11.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20055 (GCVE-0-2026-20055)

    Vulnerability from nvd – Published: 2026-01-21 16:26 – Updated: 2026-01-21 16:50
    VLAI
    Title
    Cisco Packaged Contact Center Enterprise & Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.  These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Packaged Contact Center Enterprise Affected: 12.5(1)
    Affected: 11.0(1)
    Affected: 12.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 11.6(2)
    Affected: 10.5(1)_ES7
    Affected: 11.6(1)
    Affected: 10.5(2)_ES8
    Affected: 12.6(1)
    Affected: 12.5(2)
    Affected: 12.6(2)
    Affected: 15.0(1)
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Enterprise Affected: 12.6(1)ES3
    Affected: 12.6(1)ES1
    Affected: 12.6(1)
    Affected: 12.6(1)ES2
    Affected: 12.6(1)SecurityPatch
    Affected: 12.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.6(1)ES4
    Affected: 11.0(1)
    Affected: 10.5(1)
    Affected: 12.0(1)
    Affected: 10.5
    Affected: 11.0
    Affected: 11.5
    Affected: 12.6(2)
    Affected: 12.6(2)ES1
    Affected: 12.6(2)ES2
    Affected: 15.0(1)
    Affected: 12.6(2)ES3
    Affected: 15.0(1)ET01
    Affected: 15.0(1)_SP1
    Affected: 15.0(1)ES202508
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-21T16:49:34.459898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-21T16:50:04.517Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SecurityPatch"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "11.5"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ET01"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)_SP1"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ES202508"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\u0026nbsp;\r\n\r\nThese vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-21T16:26:05.871Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ucce-pcce-xss-2JVyg3uD",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ucce-pcce-xss-2JVyg3uD",
            "defects": [
              "CSCwp27481"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Packaged Contact Center Enterprise \u0026 Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20055",
        "datePublished": "2026-01-21T16:26:05.871Z",
        "dateReserved": "2025-10-08T11:59:15.355Z",
        "dateUpdated": "2026-01-21T16:50:04.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20377 (GCVE-0-2025-20377)

    Vulnerability from nvd – Published: 2025-11-05 16:31 – Updated: 2025-11-21 14:23
    VLAI
    Title
    Cisco Unified Intelligence Center API Information Disclosure Vulnerability
    Summary
    A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Packaged Contact Center Enterprise Affected: 12.5(1)
    Affected: 11.0(1)
    Affected: 12.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 11.6(2)
    Affected: 10.5(1)_ES7
    Affected: 11.6(1)
    Affected: 10.5(2)_ES8
    Affected: 12.6(1)
    Affected: 12.5(2)
    Affected: 12.6(2)
    Affected: 15.0(1)
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Enterprise Affected: 12.6(1)ES3
    Affected: 12.6(1)ES1
    Affected: 12.6(1)
    Affected: 12.6(1)ES2
    Affected: 12.6(1)SecurityPatch
    Affected: 12.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.6(1)ES4
    Affected: 11.0(1)
    Affected: 10.5(1)
    Affected: 12.0(1)
    Affected: 10.5
    Affected: 11.0
    Affected: 11.5
    Affected: 12.6(2)
    Affected: 12.6(2)ES1
    Affected: 12.6(2)ES2
    Affected: 15.0(1)
    Affected: 12.6(2)ES3
    Affected: 15.0(1)ET01
    Affected: 15.0(1)_SP1
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.5(1)SU1
    Affected: 10.6(1)
    Affected: 11.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: UCCX 15.0.1
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Affected: 15.0(1)
    Affected: 12.6.2_CSCwp61293_ET
    Affected: 12.6.2_CSCwp92614_ET
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T20:13:55.442333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-05T20:14:05.911Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SecurityPatch"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "11.5"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ET01"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)_SP1"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "UCCX 15.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwp61293_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwp92614_ET"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system.\r\n\r\nThis vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T14:23:13.993Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cc-mult-vuln-gK4TFXSn",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cc-mult-vuln-gK4TFXSn",
            "defects": [
              "CSCwo38545"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Intelligence Center API Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20377",
        "datePublished": "2025-11-05T16:31:52.595Z",
        "dateReserved": "2024-10-10T19:15:13.263Z",
        "dateUpdated": "2025-11-21T14:23:13.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-20405 (GCVE-0-2024-20405)

    Vulnerability from nvd – Published: 2024-06-05 16:15 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T17:17:33.480316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T17:17:41.695Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. \r\n\r This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-05T16:15:22.185Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
            }
          ],
          "source": {
            "advisory": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
            "defects": [
              "CSCwh95276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20405",
        "datePublished": "2024-06-05T16:15:22.185Z",
        "dateReserved": "2023-11-08T15:08:07.661Z",
        "dateUpdated": "2024-08-01T21:59:42.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20404 (GCVE-0-2024-20404)

    Vulnerability from nvd – Published: 2024-06-05 16:14 – Updated: 2024-08-01 21:59
    Summary
    A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-05T18:11:49.476249Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T18:12:02.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system.\r\n\r This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-05T16:14:23.637Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
            }
          ],
          "source": {
            "advisory": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
            "defects": [
              "CSCwh95292"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20404",
        "datePublished": "2024-06-05T16:14:23.637Z",
        "dateReserved": "2023-11-08T15:08:07.661Z",
        "dateUpdated": "2024-08-01T21:59:42.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20253 (GCVE-0-2024-20253)

    Vulnerability from nvd – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
    VLAI
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 8.5(1)
    Affected: 9.0(2)SU3ES04
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU1ES04
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1ES10
    Affected: 10.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU3ES03
    Affected: 10.6(1)SU2ES04
    Affected: 10.6(1)SU3ES02
    Affected: 10.6(1)SU3ES01
    Affected: 11.0(1)SU1
    Affected: 11.0(1)SU1ES03
    Affected: 11.0(1)SU1ES02
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.5(1)SU1ES03
    Affected: 11.5(1)ES01
    Affected: 12.0(1)
    Affected: 12.0(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES04
    Affected: 12.0(1)ES02
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)ES03
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)ES01
    Affected: 12.5(1)_SU02_ES01
    Affected: 12.5(1)ES02
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 11.6(1)ES01
    Affected: 11.6(2)ES06
    Affected: 11.6(1)ES02
    Affected: 11.6(2)ES01
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES05
    Affected: 11.6(2)ES04
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)ES29
    Affected: 11.5(1)ES32
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)ES36
    Affected: 11.5(1)_ES32
    Affected: 11.5(1)_ES29
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)ES43
    Affected: 11.5(1)_ES53
    Affected: 11.5(1)ES27
    Affected: 11.6(1)
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)_ES22
    Affected: 11.6(1)_ES81
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES84
    Affected: 11.6(1)_ES85
    Affected: 11.6(1)_ES83
    Affected: 11.6(1)_ES80
    Affected: 11.6(1)_ES86
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 12.5(1)_ES02
    Affected: 12.5(1)
    Affected: 12.5(1)_ES08
    Affected: 12.5(1)_ES03
    Affected: 12.5(1)_ES06
    Affected: 12.5(1)_ES09
    Affected: 12.5(1)_ES14
    Affected: 12.5(1)SU
    Affected: 12.5(1)_ES15
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.5(2)_ET
    Affected: 12.5(1)_SU_ES02
    Affected: 12.5(1)_ES10
    Affected: 12.0(1)
    Affected: 12.0(1)_ES02
    Affected: 12.0(1)_ES01
    Affected: 12.0(1)_ES06
    Affected: 12.0(1)_ES07
    Affected: 12.0(1)_ES05
    Affected: 12.0(1)_ES04
    Affected: 12.0(1)_ES03
    Affected: 12.0(1)_ES08
    Affected: 12.6(1)
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES03
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES05
    Affected: 12.6(2)_ES03
    Affected: 12.6(1)_ES02
    Affected: 12.6(1)_ES01
    Affected: 12.6(2)
    Affected: 12.6(2)_ET01
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(1)_ES07
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(1)_ES7
    Affected: 10.5(2)_ES8
    Affected: 11.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Affected: 12.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-rce-bWNzQcUm",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:43.844502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:12:21.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            },
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T15:42:33.881Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-rce-bWNzQcUm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-rce-bWNzQcUm",
            "defects": [
              "CSCwe18830",
              "CSCwe18773",
              "CSCwe18840",
              "CSCwd64292",
              "CSCwd64245",
              "CSCwd64276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20253",
        "datePublished": "2024-01-26T17:28:30.761Z",
        "dateReserved": "2023-11-08T15:08:07.622Z",
        "dateUpdated": "2025-05-29T15:12:21.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20058 (GCVE-0-2023-20058)

    Vulnerability from nvd – Published: 2023-01-19 01:38 – Updated: 2024-10-25 16:04
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 11.0(1)SU1
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 11.6(1)
    Affected: 11.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cuis-xss-Omm8jyBX",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:36:44.382026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:04:17.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "cvssV3_0"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:39.867Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cuis-xss-Omm8jyBX",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cuis-xss-Omm8jyBX",
            "defects": [
              "CSCwc84104"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20058",
        "datePublished": "2023-01-19T01:38:26.055Z",
        "dateReserved": "2022-10-27T18:47:50.320Z",
        "dateUpdated": "2024-10-25T16:04:17.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0445 (GCVE-0-2018-0445)

    Vulnerability from nvd – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:42
    VLAI
    Title
    Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2018-09-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:10.658Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-0445",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:51:31.944024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:42:17.440Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-09-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-05T13:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20180905-pcce",
            "defect": [
              [
                "CSCvi88426"
              ]
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
              "ID": "CVE-2018-0445",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Packaged Contact Center Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20180905-pcce",
              "defect": [
                [
                  "CSCvi88426"
                ]
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2018-0445",
        "datePublished": "2018-10-05T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:42:17.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0444 (GCVE-0-2018-0444)

    Vulnerability from nvd – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:42
    VLAI
    Title
    Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2018-09-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:10.679Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-0444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:48:37.567090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:42:31.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-09-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-05T13:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20180905-pcce",
            "defect": [
              [
                "CSCvi88426"
              ]
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
              "ID": "CVE-2018-0444",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Packaged Contact Center Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20180905-pcce",
              "defect": [
                [
                  "CSCvi88426"
                ]
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2018-0444",
        "datePublished": "2018-10-05T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:42:31.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20109 (GCVE-0-2026-20109)

    Vulnerability from cvelistv5 – Published: 2026-01-21 16:26 – Updated: 2026-01-21 16:46
    VLAI
    Title
    Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.  These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Packaged Contact Center Enterprise Affected: 12.5(1)
    Affected: 11.0(1)
    Affected: 12.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 11.6(2)
    Affected: 10.5(1)_ES7
    Affected: 11.6(1)
    Affected: 10.5(2)_ES8
    Affected: 12.6(1)
    Affected: 12.5(2)
    Affected: 12.6(2)
    Affected: 15.0(1)
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Enterprise Affected: 12.6(1)ES3
    Affected: 12.6(1)ES1
    Affected: 12.6(1)
    Affected: 12.6(1)ES2
    Affected: 12.6(1)SecurityPatch
    Affected: 12.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.6(1)ES4
    Affected: 11.0(1)
    Affected: 10.5(1)
    Affected: 12.0(1)
    Affected: 10.5
    Affected: 11.0
    Affected: 11.5
    Affected: 12.6(2)
    Affected: 12.6(2)ES1
    Affected: 12.6(2)ES2
    Affected: 15.0(1)
    Affected: 12.6(2)ES3
    Affected: 15.0(1)ET01
    Affected: 15.0(1)_SP1
    Affected: 15.0(1)ES202508
    Affected: 12.6(2)_ES
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-21T16:45:34.998195Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-21T16:46:11.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SecurityPatch"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "11.5"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ET01"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)_SP1"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ES202508"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\u0026nbsp;\r\n\r\nThese vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-21T16:26:19.268Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ucce-pcce-xss-2JVyg3uD",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ucce-pcce-xss-2JVyg3uD",
            "defects": [
              "CSCwr61043"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20109",
        "datePublished": "2026-01-21T16:26:19.268Z",
        "dateReserved": "2025-10-08T11:59:15.374Z",
        "dateUpdated": "2026-01-21T16:46:11.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20055 (GCVE-0-2026-20055)

    Vulnerability from cvelistv5 – Published: 2026-01-21 16:26 – Updated: 2026-01-21 16:50
    VLAI
    Title
    Cisco Packaged Contact Center Enterprise & Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.  These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Packaged Contact Center Enterprise Affected: 12.5(1)
    Affected: 11.0(1)
    Affected: 12.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 11.6(2)
    Affected: 10.5(1)_ES7
    Affected: 11.6(1)
    Affected: 10.5(2)_ES8
    Affected: 12.6(1)
    Affected: 12.5(2)
    Affected: 12.6(2)
    Affected: 15.0(1)
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Enterprise Affected: 12.6(1)ES3
    Affected: 12.6(1)ES1
    Affected: 12.6(1)
    Affected: 12.6(1)ES2
    Affected: 12.6(1)SecurityPatch
    Affected: 12.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.6(1)ES4
    Affected: 11.0(1)
    Affected: 10.5(1)
    Affected: 12.0(1)
    Affected: 10.5
    Affected: 11.0
    Affected: 11.5
    Affected: 12.6(2)
    Affected: 12.6(2)ES1
    Affected: 12.6(2)ES2
    Affected: 15.0(1)
    Affected: 12.6(2)ES3
    Affected: 15.0(1)ET01
    Affected: 15.0(1)_SP1
    Affected: 15.0(1)ES202508
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-21T16:49:34.459898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-21T16:50:04.517Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SecurityPatch"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "11.5"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ET01"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)_SP1"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ES202508"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\u0026nbsp;\r\n\r\nThese vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-21T16:26:05.871Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ucce-pcce-xss-2JVyg3uD",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ucce-pcce-xss-2JVyg3uD",
            "defects": [
              "CSCwp27481"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Packaged Contact Center Enterprise \u0026 Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20055",
        "datePublished": "2026-01-21T16:26:05.871Z",
        "dateReserved": "2025-10-08T11:59:15.355Z",
        "dateUpdated": "2026-01-21T16:50:04.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20377 (GCVE-0-2025-20377)

    Vulnerability from cvelistv5 – Published: 2025-11-05 16:31 – Updated: 2025-11-21 14:23
    VLAI
    Title
    Cisco Unified Intelligence Center API Information Disclosure Vulnerability
    Summary
    A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Packaged Contact Center Enterprise Affected: 12.5(1)
    Affected: 11.0(1)
    Affected: 12.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 11.6(2)
    Affected: 10.5(1)_ES7
    Affected: 11.6(1)
    Affected: 10.5(2)_ES8
    Affected: 12.6(1)
    Affected: 12.5(2)
    Affected: 12.6(2)
    Affected: 15.0(1)
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Enterprise Affected: 12.6(1)ES3
    Affected: 12.6(1)ES1
    Affected: 12.6(1)
    Affected: 12.6(1)ES2
    Affected: 12.6(1)SecurityPatch
    Affected: 12.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.6(1)ES4
    Affected: 11.0(1)
    Affected: 10.5(1)
    Affected: 12.0(1)
    Affected: 10.5
    Affected: 11.0
    Affected: 11.5
    Affected: 12.6(2)
    Affected: 12.6(2)ES1
    Affected: 12.6(2)ES2
    Affected: 15.0(1)
    Affected: 12.6(2)ES3
    Affected: 15.0(1)ET01
    Affected: 15.0(1)_SP1
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.5(1)SU1
    Affected: 10.6(1)
    Affected: 11.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: UCCX 15.0.1
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Affected: 15.0(1)
    Affected: 12.6.2_CSCwp61293_ET
    Affected: 12.6.2_CSCwp92614_ET
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T20:13:55.442333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-05T20:14:05.911Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SecurityPatch"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "11.5"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)ET01"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)_SP1"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "UCCX 15.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                },
                {
                  "status": "affected",
                  "version": "15.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwp61293_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwp92614_ET"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system.\r\n\r\nThis vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-21T14:23:13.993Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cc-mult-vuln-gK4TFXSn",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cc-mult-vuln-gK4TFXSn",
            "defects": [
              "CSCwo38545"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Intelligence Center API Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20377",
        "datePublished": "2025-11-05T16:31:52.595Z",
        "dateReserved": "2024-10-10T19:15:13.263Z",
        "dateUpdated": "2025-11-21T14:23:13.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-20405 (GCVE-0-2024-20405)

    Vulnerability from cvelistv5 – Published: 2024-06-05 16:15 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T17:17:33.480316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T17:17:41.695Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. \r\n\r This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-05T16:15:22.185Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
            }
          ],
          "source": {
            "advisory": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
            "defects": [
              "CSCwh95276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20405",
        "datePublished": "2024-06-05T16:15:22.185Z",
        "dateReserved": "2023-11-08T15:08:07.661Z",
        "dateUpdated": "2024-08-01T21:59:42.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20404 (GCVE-0-2024-20404)

    Vulnerability from cvelistv5 – Published: 2024-06-05 16:14 – Updated: 2024-08-01 21:59
    Summary
    A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-05T18:11:49.476249Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T18:12:02.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system.\r\n\r This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-05T16:14:23.637Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew"
            }
          ],
          "source": {
            "advisory": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew",
            "defects": [
              "CSCwh95292"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20404",
        "datePublished": "2024-06-05T16:14:23.637Z",
        "dateReserved": "2023-11-08T15:08:07.661Z",
        "dateUpdated": "2024-08-01T21:59:42.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20253 (GCVE-0-2024-20253)

    Vulnerability from cvelistv5 – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
    VLAI
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 8.5(1)
    Affected: 9.0(2)SU3ES04
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU1ES04
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1ES10
    Affected: 10.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU3ES03
    Affected: 10.6(1)SU2ES04
    Affected: 10.6(1)SU3ES02
    Affected: 10.6(1)SU3ES01
    Affected: 11.0(1)SU1
    Affected: 11.0(1)SU1ES03
    Affected: 11.0(1)SU1ES02
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.5(1)SU1ES03
    Affected: 11.5(1)ES01
    Affected: 12.0(1)
    Affected: 12.0(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES04
    Affected: 12.0(1)ES02
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)ES03
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)ES01
    Affected: 12.5(1)_SU02_ES01
    Affected: 12.5(1)ES02
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 11.6(1)ES01
    Affected: 11.6(2)ES06
    Affected: 11.6(1)ES02
    Affected: 11.6(2)ES01
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES05
    Affected: 11.6(2)ES04
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)ES29
    Affected: 11.5(1)ES32
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)ES36
    Affected: 11.5(1)_ES32
    Affected: 11.5(1)_ES29
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)ES43
    Affected: 11.5(1)_ES53
    Affected: 11.5(1)ES27
    Affected: 11.6(1)
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)_ES22
    Affected: 11.6(1)_ES81
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES84
    Affected: 11.6(1)_ES85
    Affected: 11.6(1)_ES83
    Affected: 11.6(1)_ES80
    Affected: 11.6(1)_ES86
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 12.5(1)_ES02
    Affected: 12.5(1)
    Affected: 12.5(1)_ES08
    Affected: 12.5(1)_ES03
    Affected: 12.5(1)_ES06
    Affected: 12.5(1)_ES09
    Affected: 12.5(1)_ES14
    Affected: 12.5(1)SU
    Affected: 12.5(1)_ES15
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.5(2)_ET
    Affected: 12.5(1)_SU_ES02
    Affected: 12.5(1)_ES10
    Affected: 12.0(1)
    Affected: 12.0(1)_ES02
    Affected: 12.0(1)_ES01
    Affected: 12.0(1)_ES06
    Affected: 12.0(1)_ES07
    Affected: 12.0(1)_ES05
    Affected: 12.0(1)_ES04
    Affected: 12.0(1)_ES03
    Affected: 12.0(1)_ES08
    Affected: 12.6(1)
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES03
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES05
    Affected: 12.6(2)_ES03
    Affected: 12.6(1)_ES02
    Affected: 12.6(1)_ES01
    Affected: 12.6(2)
    Affected: 12.6(2)_ET01
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(1)_ES07
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(1)_ES7
    Affected: 10.5(2)_ES8
    Affected: 11.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Affected: 12.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-rce-bWNzQcUm",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:43.844502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:12:21.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            },
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T15:42:33.881Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-rce-bWNzQcUm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-rce-bWNzQcUm",
            "defects": [
              "CSCwe18830",
              "CSCwe18773",
              "CSCwe18840",
              "CSCwd64292",
              "CSCwd64245",
              "CSCwd64276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20253",
        "datePublished": "2024-01-26T17:28:30.761Z",
        "dateReserved": "2023-11-08T15:08:07.622Z",
        "dateUpdated": "2025-05-29T15:12:21.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20058 (GCVE-0-2023-20058)

    Vulnerability from cvelistv5 – Published: 2023-01-19 01:38 – Updated: 2024-10-25 16:04
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 11.0(1)SU1
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 11.6(1)
    Affected: 11.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cuis-xss-Omm8jyBX",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:36:44.382026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T16:04:17.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "cvssV3_0"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:39.867Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cuis-xss-Omm8jyBX",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cuis-xss-Omm8jyBX",
            "defects": [
              "CSCwc84104"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20058",
        "datePublished": "2023-01-19T01:38:26.055Z",
        "dateReserved": "2022-10-27T18:47:50.320Z",
        "dateUpdated": "2024-10-25T16:04:17.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0445 (GCVE-0-2018-0445)

    Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:42
    VLAI
    Title
    Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2018-09-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:10.658Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-0445",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:51:31.944024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:42:17.440Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-09-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-05T13:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20180905-pcce",
            "defect": [
              [
                "CSCvi88426"
              ]
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
              "ID": "CVE-2018-0445",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Packaged Contact Center Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20180905-pcce",
              "defect": [
                [
                  "CSCvi88426"
                ]
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2018-0445",
        "datePublished": "2018-10-05T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:42:17.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0444 (GCVE-0-2018-0444)

    Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:42
    VLAI
    Title
    Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2018-09-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:10.679Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-0444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:48:37.567090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:42:31.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-09-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-05T13:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20180905-pcce",
            "defect": [
              [
                "CSCvi88426"
              ]
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
              "ID": "CVE-2018-0444",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Packaged Contact Center Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20180905-pcce",
              "defect": [
                [
                  "CSCvi88426"
                ]
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2018-0444",
        "datePublished": "2018-10-05T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:42:31.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }