Critical Java Flaw in Cisco’s call-center product provides remote access to attacker


Cisco’s call-center product has a critical Java flaw that can remotely access your system, patch soon

Cisco is an American multinational company that develops, manufactures, and sells networking hardware, software, telecommunications equipment, and other high-technology services and products. Through its numerous acquired subsidiaries, such as OpenDNS, Webex, Jabber, and Jasper, Cisco specializes in specific tech markets, such as the Internet of Things (IoT), domain security, and energy management.

Cisco’s call-center product Unified CCX(contact center express) is vulnerable to malware that once exploited allows the attacker to gain control over their systems remotely. Cisco has already warned its customers about the flaw and said to update the software as soon as possible as it can lead to data leak.

Cisco has patched the flaw as soon as they got to know about it and released an official statement warning its customers.

Contact center in a box’ that provides a secure and easy to deploy customer interaction management solution for up to 400 agents.

Cisco descirbes its call center platform Unified CCX

According to the researchers the vulnerability is being tracked as CVE-2020-3280 and has a CVSS severity score of 9.8 out of a possible 10.

A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device

Cisco warned its customers’

Cisco also said that the vulnerability only resides in its mid capped platform Unified CCX, the bigger Cisco Unified Contact Center, which supports contact centers with up to 24,000 agents is not affected.

Cisco’s Product Security Incident Response Team (PSIRT) said it has not found any user affected by the exploit yet, but it is better to update the software to avoid any malicious exercise.


About Author

Be Ready for the challenge

Notify of
Inline Feedbacks
View all comments