Cisco: Critical Java Flaw Strikes 'Call Center in a Box', Patch Urgently

Organizations using Cisco's call-center platform, Unified Contact Center Express (Unified CCX), should update the software urgently, Cisco has warned. 

The company has released updates for the Unified CCX platform to address a critical deserialization vulnerability in its Java-based remote management interface, which could allow a remote attacker without credentials to install malware on the device. 

Cisco describes Unified CCX as a "'contact center in a box' that provides a secure and easy to deploy customer interaction management solution for up to 400 agents".

Brenden Meeder, a security expert from Edward Snowden's former employer, Booz Allen Hamilton, found he could compromise Unified CCX systems from afar by sending a malicious serialized Java object to the remote management interface. 

"A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device," Cisco warns.

Cisco says the bug doesn't affect the bigger Cisco Unified Contact Center, which supports contact centers with up to 24,000 agents. 

To address the bug, Cisco is urging customers on Unified CCX major releases earlier than 12.0 and those on a 12.0 release to migrate to release 12.0(1)ES03. Unified CCX 12.5 is not vulnerable. 

The vulnerability is being tracked as CVE-2020-3280 and has a CVSS severity score of 9.8 out of a possible 10.  

However, Cisco's Product Security Incident Response Team (PSIRT) said it wasn't aware of any attacks in the wild on this flaw. 

Cisco also released updates to fix a high-severity denial-of-service vulnerability affecting the DHCP server of Cisco Prime Network Registrar. 

Cisco also recently fixed two medium-severity flaws: an SQL injection affecting the web-based management interface of Cisco Prime Collaboration Provisioning Software, and a denial-of-service flaw affecting the file scan process of Cisco AMP for Endpoints Mac Connector Software. 
