CNNVD-202511-398 Information
CNNVD ID
CNNVD-202511-398
Related CVE
- CNNVD Published: 2025-11-05
Description (Chinese)
Cisco Unified Contact Center Express(Unified CCX)是美国思科(Cisco)公司的一款统一通信解决方案中的客户关系管理组件。该组件支持自助语音服务、呼叫分配和客户访问控制等功能。 Cisco Unified Contact Center Express(Unified CCX)存在代码问题漏洞,该漏洞源于文件上传机制输入验证不足,可能导致远程攻击者上传并执行任意文件,从而执行任意命令并提升权限至root。
Description (English)
Cisco Unified Contact Center Express (Unified CCX) is the customer relationship management component of a unified communications solution with Cisco. The component supports functions such as self-service voice services, call allocation and customer access control. There is a code gap in Cisco Unified Contact Center Express (Unified CCX), which stems from the inadequate documentation uploading and verification mechanism, which may lead to remote assailants uploading and executing arbitrary documents, thus executing arbitrary orders and increasing their authority to root.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
思科
Published
2025-11-05
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn https://access.redhat.com/security/cve/cve-2025-20376