Thursday, October 22, 19:22
Home security A critical defect in Cisco's Unified CCX is repaired

A critical defect in Cisco's Unified CCX is repaired


As warned Cisco, the organizations that use it platform call center Unified Contact Center Express (Unified CCX), they should inform her immediately.

The company was released updates for the Unified CCX platform, in order to repair a critical vulnerability in the remote management interface based on Java, which could allow a remote intruder to install malware on the device, without need credentials.

Cisco describes it Unified CCX as a "contact center in a box, which provides a secure and easy customer interaction management solution for up to 400 agents."

A security expert found that the specific vulnerability could jeopardize Unified CCX systems by sending a malicious serial Java object to the remote management interface.

Cisco says the error does not affect the larger Cisco Unified Contact Center, which supports contact centers with up to 24.000 agents.

To deal with it error, Cisco urges customers using important versions of Unified CCX older than 12.0, but also 12.0 itself, to switch to version 12.0 (1) ES03. Unified CCX 12.5 is not vulnerable.

Vulnerability is called CVE-2020-3280 and has a CVSS score of 9,8 out of 10 in terms of criticality.

However, Cisco's Product Security Incident Response Team (PSIRT) said it had not discovered any attacks that could have been carried out to exploit the vulnerability.

Cisco has also released updates to correct a high-severity denial vulnerability that affects DHCP server of Cisco Prime Network Registrar.

There are also two other recent medium-severity defects that have been fixed, including one SQL injection affecting its web-based management interface Cisco Prime Collaboration Provisioning Software and a service denial defect that affects its file scanning process Cisco AMP for Endpoints Mac Connector Software.


Please enter your comment!
Please enter your name here

Absent Mia
Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement


How to remove Edge tabs from Alt + Tab in Windows 10

Starting with the October 2020 update, Windows 10 now displays Microsoft Edge browser tabs in the Alt + Tab task ...

Patient information is held for ransom by hackers

A company offering psychological support and psychotherapy services to thousands of patients in Finland has fallen victim to hackers. As the company stated, ...

ESafety believes that social media authentication would not be practical

Australian eSafety Commissioner Julie Inman-Grant has dismissed the practice of verifying users' identities on social media.

First beta version of the "1Password" application for Linux

One and a half months after the first rumors about the release of the 1Password application for the Linux desktop, the co-founder of Dave Teare announced now ...

The price of Bitcoin skyrockets after PayPal adds cryptocurrency

The price of Bitcoin reached a very high record on Wednesday, after the announcement of PayPal for the integration of cryptocurrency in the online ...

Dr Reddy is closing its laboratories worldwide following a data breach

The pharmaceutical company Dr Reddy 's Laboratories (DRL) was forced to close its laboratories worldwide, after a data breach that ...

PayPal lets users use cryptocurrency

PayPal on Wednesday announced a new feature that will allow users to buy, store and sell cryptocurrency.

Activists are developing face recognition technology to reveal the identities of police officers

In early September, Portland, Oregon City Council held a virtual meeting to consider legislation that ...

Tesla share rises almost 5%

Tesla's Elon Musk released the results for the third quarter of 2020 on Wednesday. The share rose almost 5% on ...

Account Takeover Attacks: How to Avoid Them?

Account Takeover (ATO) attacks are a form of theft, often used by criminals. The attackers are trying to break into accounts ...