Bbabo NET

Cisco released a patch for a critical bug that threatens Unified CCMP and Unified CCDM

Cisco Systems has released a security update for a critical vulnerability affecting Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) that allows attackers to access the system with Administrator rights.

The flaw is tracked as CVE-2022-20658 and is rated 9.6 on the CVSS scale. It is a privilege-escalation issue: the server does not check user permissions, so a fabricated HTTP request can be used to create fraudulent Administrator-level accounts.

"Through these accounts, an attacker can gain access to the system and change telephony settings and user resources on platforms associated with the vulnerable Cisco Unified CCMP," a company spokesman said in an advisory this week. "An attacker needs valid Advanced User credentials to successfully exploit the vulnerability."
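The flaw class described above, a server that accepts an account-creation request without checking the caller's own permissions, is shown here as an added example next to a handler that enforces the check. This is not Cisco's code: the role names, request fields and the "grant only roles at or below your own" policy are assumptions made for illustration.

```python
# Added illustration of the flaw class; not Cisco code. Role names, the
# request shape and the "at or below your own role" policy are assumptions.
from dataclasses import dataclass

ROLE_RANK = {"basic": 0, "advanced": 1, "administrator": 2}  # hypothetical


class Forbidden(Exception):
    """The authenticated caller may not perform the requested action."""


@dataclass(frozen=True)
class Session:
    username: str
    role: str  # resolved server-side from the login, never from the request


def create_account_flawed(session: Session, body: dict, store: dict) -> dict:
    # Only authentication is assumed; the role named in the request body is
    # trusted as-is, so any logged-in caller can mint an administrator.
    account = {"username": body["username"], "role": body["role"]}
    store[account["username"]] = account
    return account


def create_account_checked(session: Session, body: dict, store: dict) -> dict:
    requested = body.get("role", "basic")
    if requested not in ROLE_RANK or session.role not in ROLE_RANK:
        raise Forbidden("unknown role")
    # Server-side permission check: a caller may grant only roles at or
    # below the role bound to their own session.
    if ROLE_RANK[requested] > ROLE_RANK[session.role]:
        raise Forbidden(f"{session.username} may not grant {requested!r}")
    if body["username"] in store:
        raise Forbidden("account already exists")
    account = {"username": body["username"], "role": requested}
    store[account["username"]] = account
    return account


if __name__ == "__main__":
    caller = Session("alice", "advanced")            # constructed sample data
    request = {"username": "svc-new", "role": "administrator"}
    print("flawed :", create_account_flawed(caller, request, {}))
    try:
        create_account_checked(caller, request, {})
    except Forbidden as exc:
        print("checked: rejected,", exc)
```
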

According to Cisco, the issue was discovered during the resolution of a Technical Assistance Center (TAC) support case. Unpatched Unified CCMP and Unified CCDM versions up to 11.6.1, as well as 12.0.1 and 12.5.1, are currently affected.

Although no real-world exploitation of the vulnerability has been observed so far, company representatives recommend that users update the software to the latest version to avoid possible risks in the future.
