Cisco released a new advisory this week, warning users of a critical security bug in its UCCE platform that can let attackers take over systems.
The UCCE platform is used by several companies for managing their contact centers from customers and holds sensitive data given by them. So if a hacker manages to breach in, he can modify and steal the saved data belonging to both the company and its customers.
Cisco Warns of a Bug in its Software
Cisco, the networking appliances maker has shared a security advisory this week, in which the company warned about a critical bug in its Unified Contact Center Enterprise (UCCE) suite. The platform offers contact support through inbound voice, outbound voice, outbound interactive voice response (IVR), and digital channels.
With the capacity of supporting nearly 24,000 customer-service agents at a time, the UCCE platform from Cisco is used by several companies to communicate with their customers. One among them includes T-Mobile USA boasts Cisco. But now, the company pointed at a bug (CVE-2022-20658), that can let attackers take over systems!
Found in the tools of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM), the bug is a server-client authentication mechanism failure and can let an ‘Advanced User’ breach in, escalate privileges, and takeover systems ultimately.
Affected Cisco UCCE versions are;
- Versions 11.6.1 and earlier: Fixed release is 11.6.1 ES17
- Version 12.0.1: Fixed release is 12.0.1 ES5, and
- Version 12.5.1: Fixed release is 12.5.1 ES5
Cisco said that a successful attacker can access and modify the telephony resources and other data saved in the company’s suite. This is aside from him having access to the sensitive data belonging to the customers when they contacted the company through UCCE channels.
Well, Cisco released a patch for this and recommends system admins apply it as soon as possible. Also, the company reported finding no exploits of this bug in the wild yet.
Other Trending News:- News