CVE-2025-20277

{"id": "CVE-2025-20277", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.4, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2025-06-04T17:15:27.753", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Unified CCX podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas. Esta vulnerabilidad se debe a una limitaci\u00f3n incorrecta de una ruta de acceso a un directorio restringido (path traversal). Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud web manipulada a un dispositivo afectado, seguida de un comando espec\u00edfico a trav\u00e9s de una sesi\u00f3n SSH. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el sistema operativo subyacente de un dispositivo afectado como un usuario con privilegios bajos. Una explotaci\u00f3n exitosa tambi\u00e9n podr\u00eda permitir al atacante realizar acciones adicionales para elevar sus privilegios a root."}], "lastModified": "2025-07-22T13:41:20.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10"}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}