Cisco Systems has released security updates for a critical security vulnerability affecting the Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system.
Tracked as CVE-2022-20658, the vulnerability has been given a severity rating of 9.6 on the CVSS scoring system and relates to a privilege escalation flaw that arises from a lack of server-side validation of user permissions. An authenticated attacker could weaponize it to create a rogue Administrator account by sending a crafted HTTP request.
“With these accounts, an attacker can access and modify phone and user resources on all Unified platforms associated with the vulnerable Cisco Unified CCMP,” Cisco noted in an advisory published this week. “To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.”
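The underlying weakness the advisory describes, an account-creation endpoint that never checks on the server whether the caller is allowed to grant the role it asks for, is illustrated below with an added example. This is not Cisco's code and does not reflect Unified CCMP's actual request format, roles or permission model; the handler names, the role table, the session handling and the sample request are all assumptions made for the illustration. The vulnerable handler only checks that the caller is logged in and then trusts the role named in the request body; the hardened handler derives the caller's role from the session and applies a deny-by-default table before creating anything.

```python
import json
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Hypothetical role names, chosen to mirror the roles the advisory mentions.
ADMIN, ADVANCED, BASIC = "Administrator", "Advanced User", "Basic User"

# Server-side policy: which account roles each caller role may create.
# This table is an assumption for the example, not Cisco's real permission model.
CAN_ASSIGN = {
    ADMIN: {ADMIN, ADVANCED, BASIC},
    ADVANCED: {BASIC},
    BASIC: set(),
}


@dataclass
class User:
    username: str
    role: str


@dataclass
class Portal:
    """Toy in-memory user store with a session table (token -> username)."""
    users: Dict[str, User] = field(default_factory=dict)
    sessions: Dict[str, str] = field(default_factory=dict)

    def caller(self, token: str) -> Optional[User]:
        """Resolve the authenticated caller from the session, never from the request body."""
        username = self.sessions.get(token)
        return self.users.get(username) if username else None


def vulnerable_create_user(portal: Portal, token: str, body: str) -> Tuple[int, dict]:
    """Authenticates the caller but trusts the 'role' field supplied by the client."""
    caller = portal.caller(token)
    if caller is None:
        return 401, {"error": "authentication required"}
    req = json.loads(body)
    # No check of caller.role against the requested role: any logged-in user can mint an admin.
    portal.users[req["username"]] = User(req["username"], req["role"])
    return 201, {"created": req["username"], "role": req["role"]}


def hardened_create_user(portal: Portal, token: str, body: str) -> Tuple[int, dict]:
    """Checks, on the server, that the caller's own role may assign the requested role."""
    caller = portal.caller(token)
    if caller is None:
        return 401, {"error": "authentication required"}
    req = json.loads(body)
    username = req.get("username")
    requested_role = req.get("role", BASIC)
    if not username or requested_role not in CAN_ASSIGN:
        return 400, {"error": "invalid username or role"}
    if requested_role not in CAN_ASSIGN[caller.role]:
        # Deny by default: the decision uses the session's role, not anything in the request.
        return 403, {"error": f"{caller.role} may not create {requested_role} accounts"}
    if username in portal.users:
        return 409, {"error": "user exists"}
    portal.users[username] = User(username, requested_role)
    return 201, {"created": username, "role": requested_role}


def fresh_portal() -> Portal:
    """Constructed fixture: one Advanced User with an active session."""
    portal = Portal()
    portal.users["alice"] = User("alice", ADVANCED)
    portal.sessions["tok-alice"] = "alice"
    return portal


def demo() -> Dict[str, Tuple[int, Optional[str]]]:
    """Send the same constructed request to both handlers; report status and resulting role."""
    # Constructed request: an Advanced User asks the server to create an Administrator.
    crafted = json.dumps({"username": "mallory", "role": ADMIN})
    results = {}
    for name, handler in (("vulnerable", vulnerable_create_user), ("hardened", hardened_create_user)):
        portal = fresh_portal()
        status, _ = handler(portal, "tok-alice", crafted)
        created = portal.users.get("mallory")
        results[name] = (status, created.role if created else None)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is not the specific role table but where the decision comes from: the role used for the check is looked up from the server-side session, and the request body can only ask, never assert. Running `demo()` shows the vulnerable handler creating "mallory" as an Administrator with a 201 while the hardened handler refuses with a 403 and leaves the user store untouched.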
The network equipment company said that Unified CCMP and Unified CCDM versions 12.5.1, 12.0.1 and 11.6.1 and earlier are affected when running with the default configuration, and added that it discovered the issue while handling a Technical Assistance Center (TAC) support case. Version 12.6.1 of the software is not affected.
While there is no evidence that the vulnerability has been exploited in real-world attacks, users are advised to upgrade to a fixed release to reduce the risk associated with this vulnerability.