Cybersecurity specialists reported the finding of a critical vulnerability affecting Cisco Unified Contact Center Management Portal (Unified CCMP). According to the report, successful exploitation would allow hackers compromise the target system.

Tracked as CVE-2022-20658, the vulnerability exists due to the lack of server-side validation of user permissions in the web-based management interface of the affected product and would allow remote threat actors to send specially crafted HTTP requests in order to create new Administrator accounts.

The flaw received a 7.7/10 score according to the Common Vulnerability Scoring System (CVSS) as a successful attack allows a remote user to escalate privileges on the affected system.

According to the report, the flaw resides in the following Unified Contact Center Management Portal versions: before 11.6.1 ES17, 12.0.1 ES5 & 12.5.1 ES5.

Even though the vulnerability could be exploited by remote malicious users via the Internet, cybersecurity experts have detected no exploitation attempts. Still, specialists recommend update as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Privilege escalation flaw in Cisco Unified Contact Center Management Portal appeared first on Information Security Newspaper | Hacking News.


You May Also Like

Unpatched severe vulnerability with CVVS score of 7.7 in VMware’s Cloud Foundation, ESXi, Fusion and Workstation platforms

Cybersecurity specialists report the detection of a critical vulnerability in some VMware…

Secure your WordPress backups. Critical vulnerability in UpdraftPlus plugin affects millions of websites

The developers of the popular UpdraftPlus plugin announced a series of updates…

Important memory leak vulnerabilities in F5 firewalls: Patch immediately

Information security specialists reported the detection of two security flaws affecting several…