CVE-2025-20277

MEDIUM EPSS 4.3%
Published Jun 4, 20251y ago · Modified Jun 17, 20261w ago
6.7 CVSS 3.1
Medium
Find Similar
Published Jun 4, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

CVSS Details

Base Score
6.7
Exploitability
0.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 60

VendorProductVersionRange
ciscounified_contact_center_express8.5\(1\)any
ciscounified_contact_center_express9.0\(2\)su3es04any
ciscounified_contact_center_express10.0\(1\)su1any
ciscounified_contact_center_express10.0\(1\)su1es04any
ciscounified_contact_center_express10.5\(1\)any
ciscounified_contact_center_express10.5\(1\)su1any
ciscounified_contact_center_express10.5\(1\)su1es10any
ciscounified_contact_center_express10.6\(1\)any
ciscounified_contact_center_express10.6\(1\)su1any
ciscounified_contact_center_express10.6\(1\)su2any
ciscounified_contact_center_express10.6\(1\)su2es04any
ciscounified_contact_center_express10.6\(1\)su3any
ciscounified_contact_center_express10.6\(1\)su3es01any
ciscounified_contact_center_express10.6\(1\)su3es02any
ciscounified_contact_center_express10.6\(1\)su3es03any
ciscounified_contact_center_express11.0\(1\)su1any
ciscounified_contact_center_express11.0\(1\)su1es02any
ciscounified_contact_center_express11.0\(1\)su1es03any
ciscounified_contact_center_express11.5\(1\)es01any
ciscounified_contact_center_express11.5\(1\)su1any
ciscounified_contact_center_express11.5\(1\)su1es01any
ciscounified_contact_center_express11.5\(1\)su1es02any
ciscounified_contact_center_express11.5\(1\)su1es03any
ciscounified_contact_center_express11.6\(1\)any
ciscounified_contact_center_express11.6\(1\)es01any
ciscounified_contact_center_express11.6\(1\)es02any
ciscounified_contact_center_express11.6\(2\)any
ciscounified_contact_center_express11.6\(2\)es01any
ciscounified_contact_center_express11.6\(2\)es02any
ciscounified_contact_center_express11.6\(2\)es03any
ciscounified_contact_center_express11.6\(2\)es04any
ciscounified_contact_center_express11.6\(2\)es05any
ciscounified_contact_center_express11.6\(2\)es06any
ciscounified_contact_center_express11.6\(2\)es07any
ciscounified_contact_center_express11.6\(2\)es08any
ciscounified_contact_center_express12.0\(1\)any
ciscounified_contact_center_express12.0\(1\)es01any
ciscounified_contact_center_express12.0\(1\)es02any
ciscounified_contact_center_express12.0\(1\)es03any
ciscounified_contact_center_express12.0\(1\)es04any
ciscounified_contact_center_express12.5\(1\)any
ciscounified_contact_center_express12.5\(1\)_su01_es01any
ciscounified_contact_center_express12.5\(1\)_su01_es02any
ciscounified_contact_center_express12.5\(1\)_su01_es03any
ciscounified_contact_center_express12.5\(1\)_su02_es01any
ciscounified_contact_center_express12.5\(1\)_su02_es02any
ciscounified_contact_center_express12.5\(1\)_su02_es03any
ciscounified_contact_center_express12.5\(1\)_su02_es04any
ciscounified_contact_center_express12.5\(1\)_su03_es01any
ciscounified_contact_center_express12.5\(1\)_su03_es02any
ciscounified_contact_center_express12.5\(1\)_su03_es03any
ciscounified_contact_center_express12.5\(1\)_su03_es04any
ciscounified_contact_center_express12.5\(1\)_su03_es05any
ciscounified_contact_center_express12.5\(1\)_su03_es06any
ciscounified_contact_center_express12.5\(1\)es01any
ciscounified_contact_center_express12.5\(1\)es02any
ciscounified_contact_center_express12.5\(1\)es03any
ciscounified_contact_center_express12.5\(1\)su1any
ciscounified_contact_center_express12.5\(1\)su2any
ciscounified_contact_center_express12.5\(1\)su3any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.