Cisco patched a Critical RCE vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX).
A remote unauthenticated attacker could execute arbitrary code as root on an impacted system.
“The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system,” Cisco warned in the advisory.
Cisco has released updates for Cisco Unified CCX software that address this remote code execution (RCE) vulnerability, tracked as CVE-2020-3280.
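The general defence against this bug class is to restrict which classes a listener will deserialize. The sketch below is an added example, not Cisco's code or patch: it applies a standard Java 9+ `ObjectInputFilter` allowlist before `readObject()`, and the class names `FilteredDeserialization` and `StatusUpdate` and the sample data are hypothetical.

```java
import java.io.*;
import java.util.HashMap;

public class FilteredDeserialization {
    // Hypothetical message type the service legitimately expects.
    static class StatusUpdate implements Serializable {
        private static final long serialVersionUID = 1L;
        final String agent;
        StatusUpdate(String agent) { this.agent = agent; }
        @Override public String toString() { return "StatusUpdate(" + agent + ")"; }
    }

    // Allowlist: expected classes only, "!*" rejects every other class.
    // maxdepth and maxbytes bound the object graph and the stream size.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxbytes=4096;java.lang.String;"
            + StatusUpdate.class.getName() + ";!*");

    // Helper that builds constructed sample input for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // The filter must be installed before the first readObject() call.
    static Object readUntrusted(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected class: passes the filter.
        System.out.println("accepted: " + readUntrusted(serialize(new StatusUpdate("agent-1"))));

        // Any class outside the allowlist is refused before its data is read.
        HashMap<String, String> unexpected = new HashMap<>();
        unexpected.put("k", "v");
        try {
            readUntrusted(serialize(unexpected));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pattern string can be applied process-wide through the `jdk.serialFilter` system property when the calling code cannot be changed.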
Cisco also fixed a High severity denial of service (DoS) vulnerability, CVE-2020-3175, in MDS 9000 Series Switches.
The vulnerability affects the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches.
As a result, an unauthenticated, remote attacker could cause a DoS condition on an affected network device.