Cisco patches Critical RCE vulnerability in Unified CCX software

Cisco patched a Critical RCE vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX).

A remote unauthenticated attacker could execute arbitrary code as root on an impacted system.

“The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system,” Cisco warned in the advisory.

Cisco has released updates for Cisco Unified CCX software that address this remote code execution (RCE) vulnerability, tracked as CVE-2020-3280.

Cisco also fixed a High severity denial of service (DoS) vulnerability, CVE-2020-3175, in MDS 9000 Series Switches.

The vulnerability affects the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches.

As a result, an unauthenticated, remote attacker could cause a DoS condition on an affected network device.
