CVE-2025-20242

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20242
A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\)es2:*:*:*:*:*:*:*
History

11 Jul 2025, 15:20

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\)es2:*:*:*:*:*:*:*
First Time Cisco
Cisco unified Contact Center Enterprise
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8 - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8 - Vendor Advisory
Summary
  • (es) Una vulnerabilidad en el componente Cloud Connect de Cisco Unified Contact Center Enterprise (CCE) podría permitir que un atacante remoto no autenticado lea y modifique datos en un dispositivo afectado. Esta vulnerabilidad se debe a la falta de controles de autenticación adecuados. Un atacante podría explotar esta vulnerabilidad enviando datos TCP manipulados a un puerto específico del dispositivo afectado. Una explotación exitosa podría permitir al atacante leer o modificar datos en el dispositivo afectado.

21 May 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-21 17:15

Updated : 2025-07-11 15:20

NVD link : CVE-2025-20242

Mitre link : CVE-2025-20242

CVE.ORG link : CVE-2025-20242

JSON object : View

Products Affected

cisco

  • unified_contact_center_enterprise
CWE
CWE-284

Improper Access Control