CVE-2020-3280: Cisco Unified Contact Center Express Remote Code Execution Vulnerability Alert

Cisco recently issued a notice announcing a fix for a high-risk vulnerability (CVE-2020-3280) in Cisco Unified Contact Center Express (Unified CCX). The vulnerability exists because the software does not sufficiently restrict user-supplied input during deserialization. An attacker can trigger it without authorization by sending a malicious Java object, resulting in arbitrary code execution.

Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco, a company based in the United States. The component supports functions such as self-service voice service, call distribution, and customer access control.

Affected versions

  • Cisco Unified CCX <= 12.0

Unaffected versions

  • Cisco Unified CCX 12.0(1)ES03
  • Cisco Unified CCX 12.5

Solution

Cisco has released a new version that fixes this vulnerability. Users should update to an unaffected version as soon as possible.