TL;DR 📌
Multiple vulnerabilities have been identified in Cisco Contact Center products, allowing authenticated attackers to potentially disclose sensitive information, execute arbitrary commands, and elevate privileges. The highest CVSS score is 6.5, indicating a medium risk. Users are advised to upgrade to fixed software releases as there are no available workarounds.
What happened 🕵️‍♂️
Cisco has disclosed multiple vulnerabilities affecting its Contact Center products, including Cisco Unified Contact Center Express (Unified CCX), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Packaged Contact Center Enterprise (Packaged CCE), and Cisco Unified Intelligence Center (CUIC). These vulnerabilities can be exploited by authenticated remote attackers to disclose sensitive information, upload and execute arbitrary files, and elevate privileges to root. Successful exploitation requires valid user credentials.