CNNVD-202511-402 Information
CNNVD ID
CNNVD-202511-402
Related CVE
- CNNVD Published: 2025-11-05
Description (Chinese)
Cisco Unified Contact Center Express(Unified CCX)是美国思科(Cisco)公司的一款统一通信解决方案中的客户关系管理组件。该组件支持自助语音服务、呼叫分配和客户访问控制等功能。 Cisco Unified Contact Center Express(Unified CCX)存在代码问题漏洞,该漏洞源于Java RMI进程的认证机制不当,可能导致未经验证的远程攻击者上传任意文件并以root权限执行任意命令。
Description (English)
Cisco Unified Contact Center Express (Unified CCX) is the customer relationship management component of a unified communications solution with Cisco. The component supports functions such as self-service voice services, call allocation and customer access control. There is a code gap in Cisco Unified Contact Center Express (Unified CCX), which stems from the inappropriate certification mechanism of the Java RMI process and may lead to unauthorized remote assailants uploading arbitrary documents and carrying out arbitrary orders with root authority.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
思科
Published
2025-11-05
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ https://access.redhat.com/security/cve/cve-2025-20354