CVE-2025-20274

Опубликовано: 16 июл. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

EPSS Низкий

Описание

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.

This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.

Ссылки

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_intelligence_center:10.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.0\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.0\(2\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.0\(3\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:11.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.0\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\)su:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_es05_et:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_et:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1es10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es05:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es06:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es07:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es08:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es04:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es05:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es06:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es01:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es02:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es03:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su3:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00248

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-phq6-884q-fxgr

CVSS3: 6.3

github

7 месяцев назад

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.

BDU:2025-09600

CVSS3: 6.3

fstec

7 месяцев назад

Уязвимость веб-интерфейса управления программного средства для создания отчетов Cisco Unified Intelligence Center и программного средства автоматизации работы операторов Cisco Unified Contact Center Express, позволяющая нарушителю выполнить произвольные команды и повысить свои привилегии

EPSS

Процентиль: 48%

0.00248

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434