Cisco Patches Critical Vulnerabilities in Contact Center Appliance
The flaws allow attackers to execute arbitrary code remotely and elevate their privileges to root on an affected system. The post Cisco Patches Critical Vulnerabilities in Contact Center Appliance appeared first on SecurityWeek.
Cisco on Wednesday announced patches for nearly a dozen vulnerabilities, including two critical flaws leading to remote code execution.
The critical bugs, tracked as CVE-2025-20354 (CVSS score of 9.8) and CVE-2025-20358 (CVSS score of 9.4), impact the Cisco Unified Contact Center Express (Unified CCX) appliance.
The first issue was discovered in the Java Remote Method Invocation (RMI) process and could be exploited remotely, without authentication, to upload arbitrary files and execute arbitrary commands with root privileges.
Source: https://www.securityweek.com/cisco-patches-critical-vulnerabilities-in-contact-center-appliance/
Related breach coverage
- Fortinet Patches Critical FortiSandbox Vulnerabilities2026-04-15
The flaws could allow attackers to bypass authentication or execute arbitrary code or commands via HTTP requests. The post Fortinet Patches Critical FortiSandbox Vulnerabilities appeared first on SecurityWeek.
- Ivanti Patches Exploited EPMM Zero-Days2026-01-30
The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.
- Cisco Patches Critical Vulnerabilities in Webex, ISE2026-04-16
The flaws can be exploited remotely to impersonate users or execute arbitrary commands on the underlying OS. The post Cisco Patches Critical Vulnerabilities in Webex, ISE appeared first on SecurityWeek.
- Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities2026-04-14
The security defects allow attackers to escalate privileges and execute arbitrary code remotely. The post Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities appeared first on SecurityWeek.