Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2025-20277

LOW

Published 2025-06-04T16:18:12.612Z

Actions:

CVSS Score

V3.1

3.4

/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Description

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Cisco Unified Contact Center Express

Affected Versions:

10.6(1) 10.5(1)SU1 10.6(1)SU3 12.0(1) 10.0(1)SU1 10.6(1)SU1 11.0(1)SU1 11.5(1)SU1 10.5(1) 11.6(1) 11.6(2) 12.5(1) 12.5(1)SU1 12.5(1)SU2 12.5(1)SU3 12.5(1)_SU03_ES01 12.5(1)_SU03_ES02 12.5(1)_SU02_ES03 12.5(1)_SU02_ES04 12.5(1)_SU02_ES02 12.5(1)_SU01_ES02 12.5(1)_SU01_ES03 12.5(1)_SU02_ES01 11.6(2)ES07 11.6(2)ES08 12.5(1)_SU01_ES01 12.0(1)ES04 12.5(1)ES02 12.5(1)ES03 11.6(2)ES06 12.5(1)ES01 12.0(1)ES03 12.0(1)ES01 11.6(2)ES05 12.0(1)ES02 11.6(2)ES04 11.6(2)ES03 11.6(2)ES02 11.6(2)ES01 10.6(1)SU3ES03 11.0(1)SU1ES03 10.6(1)SU3ES01 10.5(1)SU1ES10 10.0(1)SU1ES04 11.5(1)SU1ES03 11.6(1)ES02 11.5(1)ES01 9.0(2)SU3ES04 10.6(1)SU2 10.6(1)SU2ES04 11.6(1)ES01 10.6(1)SU3ES02 11.5(1)SU1ES02 11.5(1)SU1ES01 8.5(1) 11.0(1)SU1ES02 12.5(1)_SU03_ES03 12.5(1)_SU03_ES04 12.5(1)_SU03_ES05 12.5(1)_SU03_ES06

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL

Published: 2025-06-04T16:18:12.612Z

Last Modified: 2025-06-05T03:55:22.855Z

Copied to clipboard!