Critical Cisco Bug in Unified CCX Allows Remote Code Execution

Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express (CCX).

Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. The flaw (CVE-2020-3280), which has a CVSS score of 9.8 out of 10, stems from the Java Remote Management Interface of the product.

“The vulnerability is due to insecure deserialization of user-supplied content by the affected software,” according to Cisco, in a Wednesday security alert.

Read more…
Source: ThreatPost