Privilege escalation flaw in Cisco Unified Contact Center Management Portal

Cybersecurity specialists reported the finding of a critical vulnerability affecting Cisco Unified Contact Center Management Portal (Unified CCMP). According to the report, successful exploitation would allow hackers compromise the target system.

Tracked as CVE-2022-20658, the vulnerability exists due to the lack of server-side validation of user permissions in the web-based management interface of the affected product and would allow remote threat actors to send specially crafted HTTP requests in order to create new Administrator accounts.

The flaw received a 7.7/10 score according to the Common Vulnerability Scoring System (CVSS) as a successful attack allows a remote user to escalate privileges on the affected system.

According to the report, the flaw resides in the following Unified Contact Center Management Portal versions: before 11.6.1 ES17, 12.0.1 ES5 & 12.5.1 ES5.

Even though the vulnerability could be exploited by remote malicious users via the Internet, cybersecurity experts have detected no exploitation attempts. Still, specialists recommend update as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.