CVE-2025-20113

Опубликовано: 21 мая 2025

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.

This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.

Ссылки

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_intelligence_center:10.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.0\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.0\(2\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.0\(3\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.0\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\)su:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_es05_et:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_et:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:cisco:unified_contact_center_express:8.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:9.0\(2\)su3es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1es10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es05:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es06:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es07:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es08:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es05:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es06:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su3:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00055

Низкий

7.1 High

CVSS3

Дефекты

CWE-602

Связанные уязвимости

GHSA-435v-q3pr-69h4

CVSS3: 7.1

github

7 месяцев назад

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.

BDU:2025-06733

CVSS3: 7.1

fstec

7 месяцев назад

Уязвимость программного средства для создания отчетов Cisco Unified Intelligence Center и программного средства для управления контакт-центрами Unified Contact Center Enterprise (Cisco Unified CCX), связанная с реализацией функций безопасности на стороне клиента, позволяющая нарушителю повысить свои привилегии до уровня root

EPSS

Процентиль: 17%

0.00055

Низкий

7.1 High

CVSS3

Дефекты

CWE-602