Cisco Systems has rolled out security updates for a critical vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by an authenticated remote attacker to take control of an affected system.
Tracked as CVE-2022-20658, the vulnerability carries a CVSS severity score of 9.6 and concerns a privilege escalation flaw arising from a lack of server-side validation of user permissions. An attacker could weaponize it to create rogue Administrator accounts by submitting a crafted HTTP request.
"With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP," Cisco noted in an advisory published this week. "To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials."
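The flaw described above belongs to a common class: the server authenticates the caller but never checks, on the server side, whether that caller is allowed to perform the privileged action it is requesting. The following Python sketch is an added illustration of that class and is not Cisco's code or a reproduction of the CVE-2022-20658 request; the `User`, `Request` and `UserStore` types, the role names and the `CAN_CREATE` policy table are assumptions made for the example. It places a vulnerable "create account" handler that trusts a client-supplied role beside a fixed handler that enforces the caller's permissions before writing.

```python
"""Missing server-side permission check (vulnerable) vs. enforced check (fixed).

Hypothetical code for illustration only; it does not model any real product's
API. Role names and the policy table are assumptions for this example.
"""

from dataclasses import dataclass, field
from typing import Optional

ADMIN = "Administrator"
ADVANCED_USER = "Advanced User"
BASIC_USER = "Basic User"


@dataclass
class User:
    name: str
    role: str


@dataclass
class Request:
    caller: Optional[User]   # authenticated identity (the attacker holds valid credentials)
    body: dict               # JSON-like body of the (possibly crafted) HTTP request


@dataclass
class UserStore:
    users: dict = field(default_factory=dict)

    def add(self, name: str, role: str) -> None:
        self.users[name] = User(name, role)


def create_user_vulnerable(req: Request, store: UserStore) -> tuple:
    """Authenticates the caller but never validates the caller's permission to
    create an account with the requested role. Any authenticated low-privilege
    user can put role=Administrator in the body and obtain a rogue admin."""
    if req.caller is None:
        return 401, "unauthenticated"
    store.add(req.body["name"], req.body["role"])      # trusts client-controlled role
    return 201, "created"


# Server-side policy (assumed for the example): which caller roles may create
# accounts with which target roles. The client never gets to decide this.
CAN_CREATE = {
    ADMIN: {ADMIN, ADVANCED_USER, BASIC_USER},
    ADVANCED_USER: {BASIC_USER},
}


def create_user_fixed(req: Request, store: UserStore) -> tuple:
    """Checks the authenticated caller's own role against the requested role
    before anything is written. Unknown roles and unknown callers are denied."""
    if req.caller is None:
        return 401, "unauthenticated"
    requested = req.body.get("role")
    allowed = CAN_CREATE.get(req.caller.role, set())
    if requested not in allowed:
        return 403, "forbidden: caller may not create %r accounts" % requested
    store.add(req.body["name"], requested)
    return 201, "created"


def demo() -> tuple:
    """Constructed scenario: an Advanced User submits a crafted request asking
    for an Administrator account. Returns (vulnerable status, fixed status,
    account created by vulnerable handler, account created by fixed handler)."""
    attacker = User("mallory", ADVANCED_USER)
    crafted = Request(attacker, {"name": "backdoor", "role": ADMIN})
    vuln_store, fixed_store = UserStore(), UserStore()
    v_status, _ = create_user_vulnerable(crafted, vuln_store)
    f_status, _ = create_user_fixed(crafted, fixed_store)
    return (v_status, f_status,
            vuln_store.users.get("backdoor"), fixed_store.users.get("backdoor"))


if __name__ == "__main__":
    print(demo())   # vulnerable handler returns 201 and creates the admin; fixed returns 403
```

The point of the fixed variant is where the decision is made: the policy lookup keys on the caller's role as the server knows it, not on anything in the request body, so a crafted request cannot talk its way into a higher-privileged account.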
Unified CCMP and Unified CCDM product versions 12.5.1, 12.0.1, and 11.6.1 and earlier running with the default configuration are affected, the networking equipment company said, adding that it found the issue while handling a Technical Assistance Center (TAC) support case. Version 12.6.1 of the software is not affected.
While there is no evidence that the flaw has been exploited in real-world attacks, users are advised to upgrade to a fixed release to mitigate the risk; since exploitation requires valid Advanced User credentials, reviewing which accounts hold that role is a sensible interim check.