Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system.
Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request.
“With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP,” Cisco noted in an advisory published this week. “To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.”
Unified CCMP and Unified CCDM product versions 12.5.1, 12.0.1, and 11.6.1 and earlier running with default configuration are impacted, the networking equipment company said, adding it discovered the issue as part of a Technical Assistance Center (TAC) support case. Version 12.6.1 of the software is not affected.
While there is no evidence that the security flaw has been exploited in real-world attacks, it is recommended that users upgrade to the latest version to mitigate the risk associated with the issue.

