CVE-2025-20114

Опубликовано: 21 мая 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system.

This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.

Ссылки

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_intelligence_center:10.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.0\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.0\(2\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.0\(3\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.0\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\)su:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_es05_et:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_et:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:cisco:unified_contact_center_express:8.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:9.0\(2\)su3es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\)su1es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1es10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es05:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es06:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es07:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es08:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es05:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es06:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su3:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00051

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-9r82-ff34-6w3x

CVSS3: 4.3

github

9 месяцев назад

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.

BDU:2025-06734

CVSS3: 4.3

fstec

9 месяцев назад

Уязвимость API-интерфейса программного средства для создания отчетов Cisco Unified Intelligence Center и программного средства для управления контакт-центрами Unified Contact Center Enterprise (Cisco Unified CCX), позволяющая нарушителю повысить свои привилегии до уровня root

EPSS

Процентиль: 16%

0.00051

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-639