#BSI WID-SEC-2025-1127: [NEU] [mittel] ##Cisco ##Unified #Intelligence ##Center #und Cisco Unified #Contact Center #Express (#UCCX): Mehrere Schwachstellen ermöglichen Privilegieneskalation

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Cisco Unified Intelligence Center und Cisco Unified Contact Center Express (UCCX) ausnutzen, um seine Privilegien zu erhöhen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1127

For those of you following #CVE CVE-2024-20253, note that #cisco have released a small patch for affected #callmanager systems overnight. As such you shouldn't need to do full updates to fixed versions to remediate so long as you're running 12.5(1) or higher.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm has been updated to reflect the new patches for #cucm #imp#cuc #ucce #uccx and #vvb