Cisco patches critical flaws in Unified CCX software.

Cisco fixed two critical vulnerabilities in its Unified Contact Center Express platform that allowed remote code execution and admin privilege escalation. One flaw exploited Java RMI to upload files and run commands as root; the other tricked the CCX Editor into accepting fake authentication. Cisco also addressed a high-severity DoS bug in Identity Services Engine and eight medium-risk issues across multiple products. No active exploitation has been reported, but two older flaws in ASA and FTD software now face new attack variants.

Read more:

https://www.securityweek.com/cisco-patches-critical-vulnerabilities-in-contact-center-appliance/