Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-20288

Опубликовано: 16 июл. 2025
Источник: nvd
CVSS3: 5.8
CVSS3: 5.3
EPSS Низкий

Описание

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.

This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_intelligence_center:10.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.0\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:11.6\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.5\(1\)su:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_es05_et:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\)_et:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\)su1es10:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su2es04:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\)su3es03:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\)su1es03:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\)su1es03:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(1\)es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es03:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es04:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es05:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es06:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es07:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:11.6\(2\)es08:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es03:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\)es04:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su01_es03:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es03:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su02_es04:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es03:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es04:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es05:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)_su03_es06:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es01:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es02:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)es03:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\)su3:*:*:*:*:*:*:*

EPSS

Процентиль: 1%
0.00012
Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

github логотип

GHSA-gr52-482f-6whp

CVSS3: 5.8
github
около 1 месяца назад

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

fstec логотип

BDU:2025-08726

CVSS3: 5.8
fstec
около 1 месяца назад

Уязвимость веб-интерфейса управления программного средства для создания отчетов Cisco Unified Intelligence Center и мультимедийного и распределенного контакт-центра Cisco Unified Contact Center Enterprise, позволяющая нарушителю осуществить SSRF-атаку

EPSS

Процентиль: 1%
0.00012
Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-918