The company was released updates for the Unified CCX platform, in order to repair a critical vulnerability in the remote management interface based on Java, which could allow a remote intruder to install malware on the device, without need credentials.
Cisco describes it Unified CCX as a "contact center in a box, which provides a secure and easy customer interaction management solution for up to 400 agents."
A security expert found that the specific vulnerability could jeopardize Unified CCX systems by sending a malicious serial Java object to the remote management interface.
Cisco says the error does not affect the larger Cisco Unified Contact Center, which supports contact centers with up to 24.000 agents.
To deal with it error, Cisco urges customers using important versions of Unified CCX older than 12.0, but also 12.0 itself, to switch to version 12.0 (1) ES03. Unified CCX 12.5 is not vulnerable.
Vulnerability is called CVE-2020-3280 and has a CVSS score of 9,8 out of 10 in terms of criticality.
However, Cisco's Product Security Incident Response Team (PSIRT) said it had not discovered any attacks that could have been carried out to exploit the vulnerability.
Cisco has also released updates to correct a high-severity denial vulnerability that affects DHCP server of Cisco Prime Network Registrar.
There are also two other recent medium-severity defects that have been fixed, including one SQL injection affecting its web-based management interface Cisco Prime Collaboration Provisioning Software and a service denial defect that affects its file scanning process Cisco AMP for Endpoints Mac Connector Software.