Vulnerability-Lookup

CVE-2025-20113 (GCVE-0-2025-20113)

Vulnerability from cvelistv5 – Published: 2025-05-21 16:19 – Updated: 2026-02-26 18:28

Title

Cisco Unified Intelligence Center Privilege Escalation Vulnerability

Summary

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-602 - Client-Side Enforcement of Server-Side Security

Assigner

cisco

References

1 reference

URL	Tags
https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

2 products

Vendor	Product	Version
Cisco	Cisco Unified Contact Center Express	Affected: 10.6(1) Affected: 10.5(1)SU1 Affected: 10.6(1)SU3 Affected: 12.0(1) Affected: 10.0(1)SU1 Affected: 10.6(1)SU1 Affected: 11.0(1)SU1 Affected: 11.5(1)SU1 Affected: 10.5(1) Affected: 11.6(1) Affected: 11.6(2) Affected: 12.5(1) Affected: 12.5(1)SU1 Affected: 12.5(1)SU2 Affected: 12.5(1)SU3 Affected: 12.5(1)_SU03_ES01 Affected: 12.5(1)_SU03_ES02 Affected: 12.5(1)_SU02_ES03 Affected: 12.5(1)_SU02_ES04 Affected: 12.5(1)_SU02_ES02 Affected: 12.5(1)_SU01_ES02 Affected: 12.5(1)_SU01_ES03 Affected: 12.5(1)_SU02_ES01 Affected: 11.6(2)ES07 Affected: 11.6(2)ES08 Affected: 12.5(1)_SU01_ES01 Affected: 12.0(1)ES04 Affected: 12.5(1)ES02 Affected: 12.5(1)ES03 Affected: 11.6(2)ES06 Affected: 12.5(1)ES01 Affected: 12.0(1)ES03 Affected: 12.0(1)ES01 Affected: 11.6(2)ES05 Affected: 12.0(1)ES02 Affected: 11.6(2)ES04 Affected: 11.6(2)ES03 Affected: 11.6(2)ES02 Affected: 11.6(2)ES01 Affected: 10.6(1)SU3ES03 Affected: 11.0(1)SU1ES03 Affected: 10.6(1)SU3ES01 Affected: 10.5(1)SU1ES10 Affected: 10.0(1)SU1ES04 Affected: 11.5(1)SU1ES03 Affected: 11.6(1)ES02 Affected: 11.5(1)ES01 Affected: 9.0(2)SU3ES04 Affected: 10.6(1)SU2 Affected: 10.6(1)SU2ES04 Affected: 11.6(1)ES01 Affected: 10.6(1)SU3ES02 Affected: 11.5(1)SU1ES02 Affected: 11.5(1)SU1ES01 Affected: 8.5(1) Affected: 11.0(1)SU1ES02 Affected: 12.5(1)_SU03_ES03 Affected: 12.5(1)_SU03_ES04 Affected: 12.5(1)_SU03_ES05 Affected: 12.5(1)_SU03_ES06
Cisco	Cisco Unified Intelligence Center	Affected: 11.6(1) Affected: 10.5(1) Affected: 11.0(1) Affected: 11.5(1) Affected: 12.0(1) Affected: 12.5(1) Affected: 11.0(2) Affected: 12.6(1) Affected: 12.5(1)SU Affected: 12.6(1)_ET Affected: 12.6(1)_ES05_ET Affected: 11.0(3) Affected: 12.6(2) Affected: 12.6(2)_504_Issue_ET Affected: 12.6.1_ExcelIssue_ET Affected: 12.6(2)_Permalink_ET Affected: 12.6.2_CSCwk19536_ET Affected: 12.6.2_CSCwm96922_ET Affected: 12.5(2)ET_CSCwi79933 Affected: 12.6.2_CSCwn48501_ET

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20113",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-22T03:55:18.300417Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:00.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "9.0(2)SU3ES04"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES06"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05_ET"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)_504_Issue_ET"
            },
            {
              "status": "affected",
              "version": "12.6.1_ExcelIssue_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_Permalink_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwk19536_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwm96922_ET"
            },
            {
              "status": "affected",
              "version": "12.5(2)ET_CSCwi79933"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwn48501_ET"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\r\n\r\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-602",
              "description": "Client-Side Enforcement of Server-Side Security",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T16:19:41.378Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cuis-priv-esc-3Pk96SU4",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuis-priv-esc-3Pk96SU4",
        "defects": [
          "CSCwk34893"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20113",
    "datePublished": "2025-05-21T16:19:41.378Z",
    "dateReserved": "2024-10-10T19:15:13.210Z",
    "dateUpdated": "2026-02-26T18:28:00.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-20113",
      "date": "2026-06-02",
      "epss": "0.00238",
      "percentile": "0.47014"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-20113\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2025-05-21T17:15:55.620\",\"lastModified\":\"2025-07-22T14:41:12.307\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\\r\\n\\r\\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto autenticado eleve privilegios a Administrador para un conjunto limitado de funciones en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente del lado del servidor de los par\u00e1metros proporcionados por el usuario en las solicitudes API o HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud API o HTTP manipulada a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder, modificar o eliminar datos m\u00e1s all\u00e1 del \u00e1mbito de su nivel de acceso previsto, incluyendo la obtenci\u00f3n de informaci\u00f3n potencialmente confidencial almacenada en el sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-602\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:10.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5601C191-19B9-4CC3-94E0-AB144A6BD02C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D92445EF-1107-456D-8F03-44BA2A385383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F4F7BC5-E393-4C85-93ED-8F8DBD81A383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD658DE5-84D2-4527-AF25-09F31572C184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"060AFE51-F470-4B14-8D74-8B721129A37E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B59061B-ED98-47C6-A8CF-41CA11500AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF881F48-7268-4A06-A72B-FEE1BD58A193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84C52246-9E02-434A-8E41-76B21DB3F25C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.5\\\\(1\\\\)su:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42B2688A-4E07-4EA0-8304-E168FB672202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAE9043-E488-4FBE-8A60-377F71D5D126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(1\\\\)_es05_et:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45676746-8B75-4095-A4FF-9AC34CF0E72F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(1\\\\)_et:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D94589CB-61F9-474F-800A-5387FB4AEF9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A136173-603C-427A-AC03-76CBB6757C92\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:8.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED97AAD8-D02D-42AB-863A-7538A1F6D425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:9.0\\\\(2\\\\)su3es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1202DE4-CA67-424E-8379-2BC13630F0C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31854EAF-89B5-40BB-98E7-7EBB2E867C96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.0\\\\(1\\\\)su1es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE1194F1-9CF5-460E-AF26-FB7CDC1EE878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C277058-F33F-4E60-AE89-658CB6558D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\)su1es10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE358FF2-CB8A-4E0D-926E-ED151B585E52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F83A65-F3AC-4F6B-97A3-9FC582683BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A766B903-E6DB-4838-90A7-63918C9F8AD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1F0C70-E644-4DCA-93C2-6BCB331D08E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su2es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF54B434-E765-40B1-B12A-21FC7F415ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60839544-11E0-4381-A9AA-21D6FB403F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D8114CF-6689-4C97-BD5D-07CC8EEF35A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D90986B-64ED-44A1-9CF1-7C9FD27555FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"442E4715-5043-4BF7-8961-C8844A00A7B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\)su1es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\)su1es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C17A2AB-33B3-4089-A701-A29A4E55D667\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6FFA8B-248F-42C7-8A06-3F7E158386EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F529FE5-1DE8-43A5-88EE-0980D3A55BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"766350AF-1B2F-4DC0-9DA3-E17B45892163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"702E48CC-3858-491C-A328-5D9ADDDC8DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20CF8B80-28C0-407B-BA60-1B07694A3DFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59A30F7B-9756-40BD-89C1-60E2702CC806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(1\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29A15BB5-0725-4159-B387-74CFBF58F349\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82F5416D-0DF3-48BB-8A23-DBC2B0746195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"908E3B03-7248-44B4-B0DE-E3B3F7FA9555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1705F343-BF9D-4EBC-B833-64F03EDD7C27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"686F6450-99FC-4260-B9CE-B7F313464EFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93851C02-3E0A-41F1-82BB-24546A83E272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10E25C7A-42B4-40CE-A13B-0252C05FCFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A92970B-53FD-4ED6-95BC-FDC7BB6780CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE8E4137-3059-46B0-B241-2AA42A3D959E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30A8784D-B7A6-4F13-B89D-4ED910CC0576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B368DEE7-7639-4D46-997B-2F2409712CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B721320B-C72C-4550-B585-9F43439FAB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F18549-A002-4106-9740-6B641E0ECF8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFF4AD59-6A04-4473-84E0-D99D24D99BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9715BD0-F519-462E-ACF6-859B203638D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su01_es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB2C8F59-78F2-4E3A-8261-F4EF214F691A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su01_es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3117461-56A5-4957-8BE0-83F44B66AE3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su01_es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B279AE4-9CF7-49F1-A4C3-D8A6301EF136\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"860ACAB6-5CB9-468C-90C4-B7C8E9559D2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB2D8357-773D-492F-BC5B-F672C4D736A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D7EEFA-D04C-4769-8C62-B8B5902F79ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E31A16D3-3B40-42EA-BAC3-05A13082CED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21F08B08-23C1-4AD7-AD67-34D196C8470E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05AD3A80-2409-475E-87F5-430E51C53087\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49165652-275C-4AD9-9585-2F130989D404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4480EF1-226E-459E-B2F5-3985A219BBD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A408698-6123-4772-8D11-FE89EBB135D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F9AF5B-3670-4910-9AD8-C1FB90C7190B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78DAF852-5CA1-4D2B-948B-F0E9FB9DA973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83EDDAAF-0746-4851-B7E5-60E4ED039D02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BF183D9-CDF6-44D9-B529-F13666A3EE07\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20113\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-22T03:55:18.300417Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-21T19:36:14.637Z\"}}], \"cna\": {\"title\": \"Cisco Unified Intelligence Center Privilege Escalation Vulnerability\", \"source\": {\"defects\": [\"CSCwk34893\"], \"advisory\": \"cisco-sa-cuis-priv-esc-3Pk96SU4\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Contact Center Express\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.6(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(2)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES01\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES01\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES07\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES08\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES01\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES06\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES01\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES03\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES01\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES05\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES02\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES04\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES02\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES01\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES03\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1ES03\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES01\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1ES10\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1ES04\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(1)ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)ES01\"}, {\"status\": \"affected\", \"version\": \"9.0(2)SU3ES04\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU2\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU2ES04\"}, {\"status\": \"affected\", \"version\": \"11.6(1)ES01\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES01\"}, {\"status\": \"affected\", \"version\": \"8.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES05\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES06\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Intelligence Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.6(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(2)\"}, {\"status\": \"affected\", \"version\": \"12.6(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ET\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES05_ET\"}, {\"status\": \"affected\", \"version\": \"11.0(3)\"}, {\"status\": \"affected\", \"version\": \"12.6(2)\"}, {\"status\": \"affected\", \"version\": \"12.6(2)_504_Issue_ET\"}, {\"status\": \"affected\", \"version\": \"12.6.1_ExcelIssue_ET\"}, {\"status\": \"affected\", \"version\": \"12.6(2)_Permalink_ET\"}, {\"status\": \"affected\", \"version\": \"12.6.2_CSCwk19536_ET\"}, {\"status\": \"affected\", \"version\": \"12.6.2_CSCwm96922_ET\"}, {\"status\": \"affected\", \"version\": \"12.5(2)ET_CSCwi79933\"}, {\"status\": \"affected\", \"version\": \"12.6.2_CSCwn48501_ET\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4\", \"name\": \"cisco-sa-cuis-priv-esc-3Pk96SU4\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\\r\\n\\r\\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-602\", \"description\": \"Client-Side Enforcement of Server-Side Security\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-05-21T16:19:41.378Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-20113\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T18:28:00.998Z\", \"dateReserved\": \"2024-10-10T19:15:13.210Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-05-21T16:19:41.378Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-0438

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Cisco	Identity Services Engine	Identity Service Engine versions 3.4 antérieures à 3.4P1
Cisco	Unified Intelligence Center	Unified Intelligence Center versions 12.5 antérieures à 12.5(1)SU ES04
Cisco	Unified Contact Center Express	Unified Contact Center Express versions antérieures à 15
Cisco	Unified Intelligence Center	Unified Intelligence Center versions 12.6 antérieures à 12.6(2)ES04

References

Title

Publication Time

CERTFR-2025-AVI-0438

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Cisco	Identity Services Engine	Identity Service Engine versions 3.4 antérieures à 3.4P1
Cisco	Unified Intelligence Center	Unified Intelligence Center versions 12.5 antérieures à 12.5(1)SU ES04
Cisco	Unified Contact Center Express	Unified Contact Center Express versions antérieures à 15
Cisco	Unified Intelligence Center	Unified Intelligence Center versions 12.6 antérieures à 12.6(2)ES04

References

Title

Publication Time

BDU:2025-06733

Vulnerability from fstec - Published: 21.05.2025

Title

Уязвимость программного средства для создания отчетов Cisco Unified Intelligence Center и программного средства для управления контакт-центрами Unified Contact Center Enterprise (Cisco Unified CCX), связанная с реализацией функций безопасности на стороне клиента, позволяющая нарушителю повысить свои привилегии до уровня root

Description

Уязвимость программного средства для создания отчетов Cisco Unified Intelligence Center и программного средства для управления контакт-центрами Unified Contact Center Enterprise (Cisco Unified CCX) связана с реализацией функций безопасности на стороне клиента. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии до уровня root с помощью отправки специально созданных API-запроса или HTTP-запроса

Severity


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Vendor

Cisco Systems Inc.

Software Name

Unified Intelligence Center, Cisco Unified Contact Center Enterprise

Software Version

от 12.5 до 12.5(1)SU ES04 (Unified Intelligence Center), от 12.6 до 12.6(2)ES04 (Unified Intelligence Center), до 15 (Cisco Unified Contact Center Enterprise)

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4

CWE

CWE-602

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 12.5 \u0434\u043e 12.5(1)SU ES04 (Unified Intelligence Center), \u043e\u0442 12.6 \u0434\u043e 12.6(2)ES04 (Unified Intelligence Center), \u0434\u043e 15 (Cisco Unified Contact Center Enterprise)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.05.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.06.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-06733",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-20113",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Unified Intelligence Center, Cisco Unified Contact Center Enterprise",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0442\u0447\u0435\u0442\u043e\u0432 Cisco Unified Intelligence Center \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0430\u043a\u0442-\u0446\u0435\u043d\u0442\u0440\u0430\u043c\u0438 Unified Contact Center Enterprise (Cisco Unified CCX), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (CWE-602)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0442\u0447\u0435\u0442\u043e\u0432 Cisco Unified Intelligence Center \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0430\u043a\u0442-\u0446\u0435\u043d\u0442\u0440\u0430\u043c\u0438 Unified Contact Center Enterprise (Cisco Unified CCX) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 API-\u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0438\u043b\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-602",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}

CISCO-SA-CUIS-PRIV-ESC-3PK96SU4

Vulnerability from csaf_cisco - Published: 2025-05-21 16:00 - Updated: 2025-05-21 16:00

Summary

Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities

Notes

Summary: Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform privilege escalation attacks on an affected system. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Vulnerable Products: These vulnerabilities affect Cisco Unified Intelligence Center, regardless of device configuration, including if it is being used as part of the following Cisco solutions: Packaged Contact Center Enterprise (Packaged CCE) Unified Contact Center Enterprise (Unified CCE) These vulnerabilities also affect Cisco Unified Contact Center Express (Unified CCX) because Cisco Unified CCX includes Cisco Unified Intelligence Center as part of its software bundle. For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.

Products Confirmed Not Vulnerable: Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by these vulnerabilities. Cisco has confirmed that these vulnerabilities do not affect Cisco Finesse.

Details: The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability. Details about the vulnerabilities are as follows: CVE-2025-20113: Cisco Unified Intelligence Center Privilege Escalation Vulnerability A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Bug IDs: CSCwk34893 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk34893"] and CSCwk63233 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk63233"] CVE ID: CVE-2025-20113 Security Impact Rating (SIR): High CVSS Base Score: 7.1 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2025-20114: Cisco Unified Intelligence Center Horizontal Privilege Escalation Vulnerability A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Bug IDs: CSCwk34894 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk34894"]and CSCwk63223 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk63223"] CVE ID: CVE-2025-20114 Security Impact Rating (SIR): Medium CVSS Base Score: 4.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Workarounds: There are no workarounds that address these vulnerabilities.

Fixed Software: Cisco has released free software updates ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"] that address the vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"] Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. The Cisco Support and Downloads page ["https://www.cisco.com/c/en/us/support/index.html"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases In the following tables, the left column lists Cisco software releases. The right column indicates whether a release is affected by the vulnerabilities that are described in this advisory and the first release that includes the fix for these vulnerabilities. Customers are advised to upgrade to an appropriate fixed software release ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"] as indicated in this section. Cisco Unified Intelligence Center Release First Fixed Release 12.5 12.5(1)SU ES04 12.6 12.6(2)ES04 15 Not vulnerable. Cisco Unified CCX Release First Fixed Release 12.5(1)SU3 and earlier Migrate to a fixed release. 15 Not vulnerable. The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

Vulnerability Policy: To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements: The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Source: Cisco would like to thank Noha Kany of Spark Engineering Consultants for reporting these vulnerabilities.

Legal Disclaimer: THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

CVE-2025-20113

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Cisco Unified Intelligence Center Cisco		—	Vendor Fix fix
Cisco Unified Contact Center Express Cisco		—	Vendor Fix fix

CVE-2025-20114

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Cisco Unified Intelligence Center Cisco		—	Vendor Fix fix
Cisco Unified Contact Center Express Cisco		—	Vendor Fix fix

References

13 references

URL	Category
https://sec.cloudapps.cisco.com/security/center/c…	self
https://sec.cloudapps.cisco.com/security/center/r…	external
https://bst.cloudapps.cisco.com/bugsearch/bug/CSC…	external
https://bst.cloudapps.cisco.com/bugsearch/bug/CSC…	external
https://bst.cloudapps.cisco.com/bugsearch/bug/CSC…	external
https://bst.cloudapps.cisco.com/bugsearch/bug/CSC…	external
https://sec.cloudapps.cisco.com/security/center/r…	external
https://www.cisco.com/c/en/us/products/end-user-l…	external
https://www.cisco.com/c/en/us/support/index.html	external
https://sec.cloudapps.cisco.com/security/center/r…	external
https://www.cisco.com/go/psirt	external
https://www.cisco.com/c/en/us/support/web/tsd-cis…	external
http://www.cisco.com/web/about/security/psirt/sec…	external

Acknowledgments

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank Noha Kany of Spark Engineering Consultants for reporting these vulnerabilities."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform privilege escalation attacks on an affected system.\r\n\r\nFor more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.\r\n\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "These vulnerabilities affect Cisco Unified Intelligence Center, regardless of device configuration, including if it is being used as part of the following Cisco solutions:\r\n\r\nPackaged Contact Center Enterprise (Packaged CCE)\r\nUnified Contact Center Enterprise (Unified CCE)\r\n\r\nThese vulnerabilities also affect Cisco Unified Contact Center Express (Unified CCX) because Cisco Unified CCX includes Cisco Unified Intelligence Center as part of its software bundle.\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.\r\n\r\nCisco has confirmed that these vulnerabilities do not affect Cisco Finesse.",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability.\r\n\r\nDetails about the vulnerabilities are as follows:\r\n\r\nCVE-2025-20113: Cisco Unified Intelligence Center Privilege Escalation Vulnerability\r\n\r\n\r\nA vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\r\n\r\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nBug IDs: CSCwk34893 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk34893\"] and CSCwk63233 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk63233\"]\r\nCVE ID: CVE-2025-20113\r\nSecurity Impact Rating (SIR): High\r\nCVSS Base Score: 7.1\r\nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\r\n\r\nCVE-2025-20114: Cisco Unified Intelligence Center Horizontal Privilege Escalation Vulnerability\r\n\r\n\r\nA vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nBug IDs: CSCwk34894  [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk34894\"]and CSCwk63223 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk63223\"]\r\nCVE ID: CVE-2025-20114\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 4.3\r\nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "title": "Details"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address these vulnerabilities.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco has released free software updates [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu\"] that address the vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.\r\n\r\nCustomers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nThe Cisco Support and Downloads page [\"https://www.cisco.com/c/en/us/support/index.html\"] on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n      Fixed Releases\r\nIn the following tables, the left column lists Cisco software releases. The right column indicates whether a release is affected by the vulnerabilities that are described in this advisory and the first release that includes the fix for these vulnerabilities. Customers are advised to upgrade to an appropriate fixed software release [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] as indicated in this section.\r\n        Cisco Unified Intelligence Center Release  First Fixed Release          12.5  12.5(1)SU ES04      12.6  12.6(2)ES04      15  Not vulnerable.\r\n            Cisco Unified CCX Release  First Fixed Release          12.5(1)SU3 and earlier  Migrate to a fixed release.      15  Not vulnerable.\r\nThe Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank Noha Kany of Spark Engineering Consultants for reporting these vulnerabilities.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "CSCwk34893",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk34893"
      },
      {
        "category": "external",
        "summary": "CSCwk63233",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk63233"
      },
      {
        "category": "external",
        "summary": "CSCwk34894",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk34894"
      },
      {
        "category": "external",
        "summary": "CSCwk63223",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk63223"
      },
      {
        "category": "external",
        "summary": "free software updates",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
        "url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
      },
      {
        "category": "external",
        "summary": "Cisco Support and Downloads page",
        "url": "https://www.cisco.com/c/en/us/support/index.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities",
    "tracking": {
      "current_release_date": "2025-05-21T16:00:00+00:00",
      "generator": {
        "date": "2025-05-21T15:52:52+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-cuis-priv-esc-3Pk96SU4",
      "initial_release_date": "2025-05-21T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2025-05-21T15:52:33+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco Unified Contact Center Express",
            "product": {
              "name": "Cisco Unified Contact Center Express ",
              "product_id": "CSAFPID-92631"
            }
          },
          {
            "category": "product_family",
            "name": "Cisco Unified Intelligence Center",
            "product": {
              "name": "Cisco Unified Intelligence Center ",
              "product_id": "CSAFPID-198393"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20113",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwk34893"
        },
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwk63233"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-198393",
          "CSAFPID-92631"
        ]
      },
      "release_date": "2025-05-21T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-92631",
            "CSAFPID-198393"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-198393",
            "CSAFPID-92631"
          ]
        }
      ],
      "title": "Cisco Unified Intelligence Center Privilege Escalation Vulnerability"
    },
    {
      "cve": "CVE-2025-20114",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwk34894"
        },
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwk63223"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-198393",
          "CSAFPID-92631"
        ]
      },
      "release_date": "2025-05-21T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-92631",
            "CSAFPID-198393"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-198393",
            "CSAFPID-92631"
          ]
        }
      ],
      "title": "Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability"
    }
  ]
}

FKIE_CVE-2025-20113

Vulnerability from fkie_nvd - Published: 2025-05-21 17:15 - Updated: 2025-07-22 14:41

Severity

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_intelligence_center	10.5\(1\)
cisco	unified_intelligence_center	11.0\(1\)
cisco	unified_intelligence_center	11.0\(2\)
cisco	unified_intelligence_center	11.0\(3\)
cisco	unified_intelligence_center	11.5\(1\)
cisco	unified_intelligence_center	11.6\(1\)
cisco	unified_intelligence_center	12.0\(1\)
cisco	unified_intelligence_center	12.5\(1\)
cisco	unified_intelligence_center	12.5\(1\)su
cisco	unified_intelligence_center	12.6\(1\)
cisco	unified_intelligence_center	12.6\(1\)_es05_et
cisco	unified_intelligence_center	12.6\(1\)_et
cisco	unified_intelligence_center	12.6\(2\)
cisco	unified_contact_center_express	8.5\(1\)
cisco	unified_contact_center_express	9.0\(2\)su3es04
cisco	unified_contact_center_express	10.0\(1\)su1
cisco	unified_contact_center_express	10.0\(1\)su1es04
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5601C191-19B9-4CC3-94E0-AB144A6BD02C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D92445EF-1107-456D-8F03-44BA2A385383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4F7BC5-E393-4C85-93ED-8F8DBD81A383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BD658DE5-84D2-4527-AF25-09F31572C184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "060AFE51-F470-4B14-8D74-8B721129A37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B59061B-ED98-47C6-A8CF-41CA11500AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DF881F48-7268-4A06-A72B-FEE1BD58A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84C52246-9E02-434A-8E41-76B21DB3F25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\)su:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B2688A-4E07-4EA0-8304-E168FB672202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0EAE9043-E488-4FBE-8A60-377F71D5D126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_es05_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "45676746-8B75-4095-A4FF-9AC34CF0E72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "D94589CB-61F9-474F-800A-5387FB4AEF9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0A136173-603C-427A-AC03-76CBB6757C92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\r\n\r\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto autenticado eleve privilegios a Administrador para un conjunto limitado de funciones en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente del lado del servidor de los par\u00e1metros proporcionados por el usuario en las solicitudes API o HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud API o HTTP manipulada a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder, modificar o eliminar datos m\u00e1s all\u00e1 del \u00e1mbito de su nivel de acceso previsto, incluyendo la obtenci\u00f3n de informaci\u00f3n potencialmente confidencial almacenada en el sistema."
    }
  ],
  "id": "CVE-2025-20113",
  "lastModified": "2025-07-22T14:41:12.307",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-21T17:15:55.620",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-602"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

GHSA-435V-Q3PR-69H4

Vulnerability from github – Published: 2025-05-21 18:33 – Updated: 2025-05-21 18:33

Details

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.

This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.

Severity

7.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-20113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-602"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-21T17:15:55Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\n\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.",
  "id": "GHSA-435v-q3pr-69h4",
  "modified": "2025-05-21T18:33:31Z",
  "published": "2025-05-21T18:33:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20113"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2025-0174

Vulnerability from csaf_ncscnl - Published: 2025-05-22 08:14 - Updated: 2025-05-22 08:14

Summary

Kwetsbaarheden verholpen in Cisco Unified Intelligence Center

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Cisco heeft kwetsbaarheden verholpen in Cisco Unified Intelligence Center.

Interpretaties: De kwetsbaarheden bevinden zich in de wijze waarop de API van Cisco Unified Intelligence Center gebruikersparameters valideert. Dit kan leiden tot privilege-escalatie, waarbij geauthenticeerde aanvallers ongeautoriseerde toegang kunnen krijgen tot gevoelige gegevens van andere gebruikers.

Oplossingen: Cisco heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-602: Client-Side Enforcement of Server-Side Security

CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2025-20113

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE-602 - Client-Side Enforcement of Server-Side Security

Affected products

Known affected 82 products

Product	Identifier	Version	Remediation
vers:unknown/11.6(2) Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)
vers:unknown/10.6(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)
vers:unknown/10.0(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.0(1)su1
vers:unknown/10.0(1)su1es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.0(1)su1es04
vers:unknown/10.5(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/10.5(1)
vers:unknown/10.5(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.5(1)su1
vers:unknown/10.5(1)su1es10 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.5(1)su1es10
vers:unknown/10.6(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su1
vers:unknown/10.6(1)su2 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su2
vers:unknown/10.6(1)su2es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su2es04
vers:unknown/10.6(1)su3 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su3
vers:unknown/10.6(1)su3es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su3es01
vers:unknown/10.6(1)su3es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su3es02
vers:unknown/10.6(1)su3es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su3es03
vers:unknown/11.0(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.0(1)su1
vers:unknown/11.0(1)su1es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.0(1)su1es02
vers:unknown/11.0(1)su1es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.0(1)su1es03
vers:unknown/11.5(1)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)es01
vers:unknown/11.5(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)su1
vers:unknown/11.5(1)su1es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)su1es01
vers:unknown/11.5(1)su1es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)su1es02
vers:unknown/11.5(1)su1es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)su1es03
vers:unknown/11.6(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(1)
vers:unknown/11.6(1)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(1)es01
vers:unknown/11.6(1)es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(1)es02
vers:unknown/11.6(2)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es01
vers:unknown/11.6(2)es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es02
vers:unknown/11.6(2)es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es03
vers:unknown/11.6(2)es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es04
vers:unknown/11.6(2)es05 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es05
vers:unknown/11.6(2)es06 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es06
vers:unknown/11.6(2)es07 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es07
vers:unknown/11.6(2)es08 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es08
vers:unknown/12.0(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)
vers:unknown/12.0(1)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)es01
vers:unknown/12.0(1)es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)es02
vers:unknown/12.0(1)es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)es03
vers:unknown/12.0(1)es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)es04
vers:unknown/12.5(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)
vers:unknown/12.5(1)_su01_es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su01_es01
vers:unknown/12.5(1)_su01_es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su01_es02
vers:unknown/12.5(1)_su01_es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su01_es03
vers:unknown/12.5(1)_su02_es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su02_es01
vers:unknown/12.5(1)_su02_es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su02_es02
vers:unknown/12.5(1)_su02_es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su02_es03
vers:unknown/12.5(1)_su02_es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su02_es04
vers:unknown/12.5(1)_su03_es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es01
vers:unknown/12.5(1)_su03_es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es02
vers:unknown/12.5(1)_su03_es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es03
vers:unknown/12.5(1)_su03_es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es04
vers:unknown/12.5(1)_su03_es05 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es05
vers:unknown/12.5(1)_su03_es06 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es06
vers:unknown/12.5(1)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)es01
vers:unknown/12.5(1)es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)es02
vers:unknown/12.5(1)es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)es03
vers:unknown/12.5(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)su1
vers:unknown/12.5(1)su2 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)su2
vers:unknown/12.5(1)su3 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)su3
vers:unknown/8.5(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/8.5(1)
vers:unknown/9.0(2)su3es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/9.0(2)su3es04
vers:unknown/10.5(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/10.5(1)
vers:unknown/11.0(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.0(1)
vers:unknown/11.0(2) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.0(2)
vers:unknown/11.0(3) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.0(3)
vers:unknown/11.5(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.5(1)
vers:unknown/11.6(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.6(1)
vers:unknown/12.0(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/12.0(1)
vers:unknown/12.5(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/12.5(1)
vers:unknown/12.5(1)su Cisco / Cisco Unified Intelligence Center		vers:unknown/12.5(1)su
vers:unknown/12.5(2)et_cscwi79933 Cisco / Cisco Unified Intelligence Center		vers:unknown/12.5(2)et_cscwi79933
vers:unknown/12.6(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(1)
vers:unknown/12.6(1)_es05_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(1)_es05_et
vers:unknown/12.6(1)_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(1)_et
vers:unknown/12.6(2) Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(2)
vers:unknown/12.6(2)_504_issue_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(2)_504_issue_et
vers:unknown/12.6(2)_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(2)_et
vers:unknown/12.6(2)_permalink_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(2)_permalink_et
vers:unknown/12.6.1_excelissue_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.1_excelissue_et
vers:unknown/12.6.2_amq_oos_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.2_amq_oos_et
vers:unknown/12.6.2_cscwk19536_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.2_cscwk19536_et
vers:unknown/12.6.2_cscwm96922_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.2_cscwm96922_et
vers:unknown/12.6.2_cscwn48501_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.2_cscwn48501_et

CVE-2025-20114

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-639 - Authorization Bypass Through User-Controlled Key

Affected products

Known affected 82 products

Product	Identifier	Version	Remediation
vers:unknown/11.6(2) Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)
vers:unknown/10.6(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)
vers:unknown/10.0(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.0(1)su1
vers:unknown/10.0(1)su1es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.0(1)su1es04
vers:unknown/10.5(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/10.5(1)
vers:unknown/10.5(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.5(1)su1
vers:unknown/10.5(1)su1es10 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.5(1)su1es10
vers:unknown/10.6(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su1
vers:unknown/10.6(1)su2 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su2
vers:unknown/10.6(1)su2es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su2es04
vers:unknown/10.6(1)su3 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su3
vers:unknown/10.6(1)su3es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su3es01
vers:unknown/10.6(1)su3es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su3es02
vers:unknown/10.6(1)su3es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/10.6(1)su3es03
vers:unknown/11.0(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.0(1)su1
vers:unknown/11.0(1)su1es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.0(1)su1es02
vers:unknown/11.0(1)su1es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.0(1)su1es03
vers:unknown/11.5(1)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)es01
vers:unknown/11.5(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)su1
vers:unknown/11.5(1)su1es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)su1es01
vers:unknown/11.5(1)su1es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)su1es02
vers:unknown/11.5(1)su1es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.5(1)su1es03
vers:unknown/11.6(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(1)
vers:unknown/11.6(1)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(1)es01
vers:unknown/11.6(1)es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(1)es02
vers:unknown/11.6(2)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es01
vers:unknown/11.6(2)es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es02
vers:unknown/11.6(2)es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es03
vers:unknown/11.6(2)es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es04
vers:unknown/11.6(2)es05 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es05
vers:unknown/11.6(2)es06 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es06
vers:unknown/11.6(2)es07 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es07
vers:unknown/11.6(2)es08 Cisco / Cisco Unified Contact Center Express		vers:unknown/11.6(2)es08
vers:unknown/12.0(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)
vers:unknown/12.0(1)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)es01
vers:unknown/12.0(1)es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)es02
vers:unknown/12.0(1)es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)es03
vers:unknown/12.0(1)es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.0(1)es04
vers:unknown/12.5(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)
vers:unknown/12.5(1)_su01_es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su01_es01
vers:unknown/12.5(1)_su01_es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su01_es02
vers:unknown/12.5(1)_su01_es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su01_es03
vers:unknown/12.5(1)_su02_es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su02_es01
vers:unknown/12.5(1)_su02_es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su02_es02
vers:unknown/12.5(1)_su02_es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su02_es03
vers:unknown/12.5(1)_su02_es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su02_es04
vers:unknown/12.5(1)_su03_es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es01
vers:unknown/12.5(1)_su03_es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es02
vers:unknown/12.5(1)_su03_es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es03
vers:unknown/12.5(1)_su03_es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es04
vers:unknown/12.5(1)_su03_es05 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es05
vers:unknown/12.5(1)_su03_es06 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)_su03_es06
vers:unknown/12.5(1)es01 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)es01
vers:unknown/12.5(1)es02 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)es02
vers:unknown/12.5(1)es03 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)es03
vers:unknown/12.5(1)su1 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)su1
vers:unknown/12.5(1)su2 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)su2
vers:unknown/12.5(1)su3 Cisco / Cisco Unified Contact Center Express		vers:unknown/12.5(1)su3
vers:unknown/8.5(1) Cisco / Cisco Unified Contact Center Express		vers:unknown/8.5(1)
vers:unknown/9.0(2)su3es04 Cisco / Cisco Unified Contact Center Express		vers:unknown/9.0(2)su3es04
vers:unknown/10.5(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/10.5(1)
vers:unknown/11.0(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.0(1)
vers:unknown/11.0(2) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.0(2)
vers:unknown/11.0(3) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.0(3)
vers:unknown/11.5(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.5(1)
vers:unknown/11.6(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/11.6(1)
vers:unknown/12.0(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/12.0(1)
vers:unknown/12.5(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/12.5(1)
vers:unknown/12.5(1)su Cisco / Cisco Unified Intelligence Center		vers:unknown/12.5(1)su
vers:unknown/12.5(2)et_cscwi79933 Cisco / Cisco Unified Intelligence Center		vers:unknown/12.5(2)et_cscwi79933
vers:unknown/12.6(1) Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(1)
vers:unknown/12.6(1)_es05_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(1)_es05_et
vers:unknown/12.6(1)_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(1)_et
vers:unknown/12.6(2) Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(2)
vers:unknown/12.6(2)_504_issue_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(2)_504_issue_et
vers:unknown/12.6(2)_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(2)_et
vers:unknown/12.6(2)_permalink_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6(2)_permalink_et
vers:unknown/12.6.1_excelissue_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.1_excelissue_et
vers:unknown/12.6.2_amq_oos_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.2_amq_oos_et
vers:unknown/12.6.2_cscwk19536_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.2_cscwk19536_et
vers:unknown/12.6.2_cscwm96922_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.2_cscwm96922_et
vers:unknown/12.6.2_cscwn48501_et Cisco / Cisco Unified Intelligence Center		vers:unknown/12.6.2_cscwn48501_et

References

3 references

URL	Category
https://sec.cloudapps.cisco.com/security/center/c…	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Cisco heeft kwetsbaarheden verholpen in Cisco Unified Intelligence Center.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden bevinden zich in de wijze waarop de API van Cisco Unified Intelligence Center gebruikersparameters valideert. Dit kan leiden tot privilege-escalatie, waarbij geauthenticeerde aanvallers ongeautoriseerde toegang kunnen krijgen tot gevoelige gegevens van andere gebruikers.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Cisco heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Client-Side Enforcement of Server-Side Security",
        "title": "CWE-602"
      },
      {
        "category": "general",
        "text": "Authorization Bypass Through User-Controlled Key",
        "title": "CWE-639"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cisco; cveprojectv5; nvd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Cisco Unified Intelligence Center",
    "tracking": {
      "current_release_date": "2025-05-22T08:14:14.245836Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0174",
      "initial_release_date": "2025-05-22T08:14:14.245836Z",
      "revision_history": [
        {
          "date": "2025-05-22T08:14:14.245836Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(2)",
                "product": {
                  "name": "vers:unknown/11.6(2)",
                  "product_id": "CSAFPID-2856825"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.6(1)",
                "product": {
                  "name": "vers:unknown/10.6(1)",
                  "product_id": "CSAFPID-2856815"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0(1)su1",
                "product": {
                  "name": "vers:unknown/10.0(1)su1",
                  "product_id": "CSAFPID-2856819"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0(1)su1es04",
                "product": {
                  "name": "vers:unknown/10.0(1)su1es04",
                  "product_id": "CSAFPID-2856858"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.5(1)",
                "product": {
                  "name": "vers:unknown/10.5(1)",
                  "product_id": "CSAFPID-2856823"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.5(1)su1",
                "product": {
                  "name": "vers:unknown/10.5(1)su1",
                  "product_id": "CSAFPID-2856816"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.5(1)su1es10",
                "product": {
                  "name": "vers:unknown/10.5(1)su1es10",
                  "product_id": "CSAFPID-2856857"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.6(1)su1",
                "product": {
                  "name": "vers:unknown/10.6(1)su1",
                  "product_id": "CSAFPID-2856820"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.6(1)su2",
                "product": {
                  "name": "vers:unknown/10.6(1)su2",
                  "product_id": "CSAFPID-2856863"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.6(1)su2es04",
                "product": {
                  "name": "vers:unknown/10.6(1)su2es04",
                  "product_id": "CSAFPID-2856864"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.6(1)su3",
                "product": {
                  "name": "vers:unknown/10.6(1)su3",
                  "product_id": "CSAFPID-2856817"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.6(1)su3es01",
                "product": {
                  "name": "vers:unknown/10.6(1)su3es01",
                  "product_id": "CSAFPID-2856856"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.6(1)su3es02",
                "product": {
                  "name": "vers:unknown/10.6(1)su3es02",
                  "product_id": "CSAFPID-2856866"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.6(1)su3es03",
                "product": {
                  "name": "vers:unknown/10.6(1)su3es03",
                  "product_id": "CSAFPID-2856854"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.0(1)su1",
                "product": {
                  "name": "vers:unknown/11.0(1)su1",
                  "product_id": "CSAFPID-2856821"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.0(1)su1es02",
                "product": {
                  "name": "vers:unknown/11.0(1)su1es02",
                  "product_id": "CSAFPID-2856870"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.0(1)su1es03",
                "product": {
                  "name": "vers:unknown/11.0(1)su1es03",
                  "product_id": "CSAFPID-2856855"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.5(1)es01",
                "product": {
                  "name": "vers:unknown/11.5(1)es01",
                  "product_id": "CSAFPID-2856861"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.5(1)su1",
                "product": {
                  "name": "vers:unknown/11.5(1)su1",
                  "product_id": "CSAFPID-2856822"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.5(1)su1es01",
                "product": {
                  "name": "vers:unknown/11.5(1)su1es01",
                  "product_id": "CSAFPID-2856868"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.5(1)su1es02",
                "product": {
                  "name": "vers:unknown/11.5(1)su1es02",
                  "product_id": "CSAFPID-2856867"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.5(1)su1es03",
                "product": {
                  "name": "vers:unknown/11.5(1)su1es03",
                  "product_id": "CSAFPID-2856859"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(1)",
                "product": {
                  "name": "vers:unknown/11.6(1)",
                  "product_id": "CSAFPID-2856824"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(1)es01",
                "product": {
                  "name": "vers:unknown/11.6(1)es01",
                  "product_id": "CSAFPID-2856865"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(1)es02",
                "product": {
                  "name": "vers:unknown/11.6(1)es02",
                  "product_id": "CSAFPID-2856860"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(2)es01",
                "product": {
                  "name": "vers:unknown/11.6(2)es01",
                  "product_id": "CSAFPID-2856853"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(2)es02",
                "product": {
                  "name": "vers:unknown/11.6(2)es02",
                  "product_id": "CSAFPID-2856852"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(2)es03",
                "product": {
                  "name": "vers:unknown/11.6(2)es03",
                  "product_id": "CSAFPID-2856851"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(2)es04",
                "product": {
                  "name": "vers:unknown/11.6(2)es04",
                  "product_id": "CSAFPID-2856850"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(2)es05",
                "product": {
                  "name": "vers:unknown/11.6(2)es05",
                  "product_id": "CSAFPID-2856848"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(2)es06",
                "product": {
                  "name": "vers:unknown/11.6(2)es06",
                  "product_id": "CSAFPID-2856844"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(2)es07",
                "product": {
                  "name": "vers:unknown/11.6(2)es07",
                  "product_id": "CSAFPID-2856838"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(2)es08",
                "product": {
                  "name": "vers:unknown/11.6(2)es08",
                  "product_id": "CSAFPID-2856839"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.0(1)",
                "product": {
                  "name": "vers:unknown/12.0(1)",
                  "product_id": "CSAFPID-2856818"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.0(1)es01",
                "product": {
                  "name": "vers:unknown/12.0(1)es01",
                  "product_id": "CSAFPID-2856847"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.0(1)es02",
                "product": {
                  "name": "vers:unknown/12.0(1)es02",
                  "product_id": "CSAFPID-2856849"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.0(1)es03",
                "product": {
                  "name": "vers:unknown/12.0(1)es03",
                  "product_id": "CSAFPID-2856846"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.0(1)es04",
                "product": {
                  "name": "vers:unknown/12.0(1)es04",
                  "product_id": "CSAFPID-2856841"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)",
                "product": {
                  "name": "vers:unknown/12.5(1)",
                  "product_id": "CSAFPID-2856826"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su01_es01",
                "product": {
                  "name": "vers:unknown/12.5(1)_su01_es01",
                  "product_id": "CSAFPID-2856840"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su01_es02",
                "product": {
                  "name": "vers:unknown/12.5(1)_su01_es02",
                  "product_id": "CSAFPID-2856835"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su01_es03",
                "product": {
                  "name": "vers:unknown/12.5(1)_su01_es03",
                  "product_id": "CSAFPID-2856836"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su02_es01",
                "product": {
                  "name": "vers:unknown/12.5(1)_su02_es01",
                  "product_id": "CSAFPID-2856837"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su02_es02",
                "product": {
                  "name": "vers:unknown/12.5(1)_su02_es02",
                  "product_id": "CSAFPID-2856834"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su02_es03",
                "product": {
                  "name": "vers:unknown/12.5(1)_su02_es03",
                  "product_id": "CSAFPID-2856832"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su02_es04",
                "product": {
                  "name": "vers:unknown/12.5(1)_su02_es04",
                  "product_id": "CSAFPID-2856833"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su03_es01",
                "product": {
                  "name": "vers:unknown/12.5(1)_su03_es01",
                  "product_id": "CSAFPID-2856830"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su03_es02",
                "product": {
                  "name": "vers:unknown/12.5(1)_su03_es02",
                  "product_id": "CSAFPID-2856831"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su03_es03",
                "product": {
                  "name": "vers:unknown/12.5(1)_su03_es03",
                  "product_id": "CSAFPID-2856871"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su03_es04",
                "product": {
                  "name": "vers:unknown/12.5(1)_su03_es04",
                  "product_id": "CSAFPID-2856872"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su03_es05",
                "product": {
                  "name": "vers:unknown/12.5(1)_su03_es05",
                  "product_id": "CSAFPID-2856873"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)_su03_es06",
                "product": {
                  "name": "vers:unknown/12.5(1)_su03_es06",
                  "product_id": "CSAFPID-2856874"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)es01",
                "product": {
                  "name": "vers:unknown/12.5(1)es01",
                  "product_id": "CSAFPID-2856845"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)es02",
                "product": {
                  "name": "vers:unknown/12.5(1)es02",
                  "product_id": "CSAFPID-2856842"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)es03",
                "product": {
                  "name": "vers:unknown/12.5(1)es03",
                  "product_id": "CSAFPID-2856843"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)su1",
                "product": {
                  "name": "vers:unknown/12.5(1)su1",
                  "product_id": "CSAFPID-2856827"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)su2",
                "product": {
                  "name": "vers:unknown/12.5(1)su2",
                  "product_id": "CSAFPID-2856828"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)su3",
                "product": {
                  "name": "vers:unknown/12.5(1)su3",
                  "product_id": "CSAFPID-2856829"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/8.5(1)",
                "product": {
                  "name": "vers:unknown/8.5(1)",
                  "product_id": "CSAFPID-2856869"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/9.0(2)su3es04",
                "product": {
                  "name": "vers:unknown/9.0(2)su3es04",
                  "product_id": "CSAFPID-2856862"
                }
              }
            ],
            "category": "product_name",
            "name": "Cisco Unified Contact Center Express"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.5(1)",
                "product": {
                  "name": "vers:unknown/10.5(1)",
                  "product_id": "CSAFPID-2856876"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.0(1)",
                "product": {
                  "name": "vers:unknown/11.0(1)",
                  "product_id": "CSAFPID-2856877"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.0(2)",
                "product": {
                  "name": "vers:unknown/11.0(2)",
                  "product_id": "CSAFPID-2856881"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.0(3)",
                "product": {
                  "name": "vers:unknown/11.0(3)",
                  "product_id": "CSAFPID-2856886"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.5(1)",
                "product": {
                  "name": "vers:unknown/11.5(1)",
                  "product_id": "CSAFPID-2856878"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/11.6(1)",
                "product": {
                  "name": "vers:unknown/11.6(1)",
                  "product_id": "CSAFPID-2856875"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.0(1)",
                "product": {
                  "name": "vers:unknown/12.0(1)",
                  "product_id": "CSAFPID-2856879"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)",
                "product": {
                  "name": "vers:unknown/12.5(1)",
                  "product_id": "CSAFPID-2856880"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(1)su",
                "product": {
                  "name": "vers:unknown/12.5(1)su",
                  "product_id": "CSAFPID-2856883"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.5(2)et_cscwi79933",
                "product": {
                  "name": "vers:unknown/12.5(2)et_cscwi79933",
                  "product_id": "CSAFPID-2856893"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6(1)",
                "product": {
                  "name": "vers:unknown/12.6(1)",
                  "product_id": "CSAFPID-2856882"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6(1)_es05_et",
                "product": {
                  "name": "vers:unknown/12.6(1)_es05_et",
                  "product_id": "CSAFPID-2856885"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6(1)_et",
                "product": {
                  "name": "vers:unknown/12.6(1)_et",
                  "product_id": "CSAFPID-2856884"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6(2)",
                "product": {
                  "name": "vers:unknown/12.6(2)",
                  "product_id": "CSAFPID-2856887"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6(2)_504_issue_et",
                "product": {
                  "name": "vers:unknown/12.6(2)_504_issue_et",
                  "product_id": "CSAFPID-2856888"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6(2)_et",
                "product": {
                  "name": "vers:unknown/12.6(2)_et",
                  "product_id": "CSAFPID-2857053"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6(2)_permalink_et",
                "product": {
                  "name": "vers:unknown/12.6(2)_permalink_et",
                  "product_id": "CSAFPID-2856890"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6.1_excelissue_et",
                "product": {
                  "name": "vers:unknown/12.6.1_excelissue_et",
                  "product_id": "CSAFPID-2856889"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6.2_amq_oos_et",
                "product": {
                  "name": "vers:unknown/12.6.2_amq_oos_et",
                  "product_id": "CSAFPID-2857052"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6.2_cscwk19536_et",
                "product": {
                  "name": "vers:unknown/12.6.2_cscwk19536_et",
                  "product_id": "CSAFPID-2856891"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6.2_cscwm96922_et",
                "product": {
                  "name": "vers:unknown/12.6.2_cscwm96922_et",
                  "product_id": "CSAFPID-2856892"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.6.2_cscwn48501_et",
                "product": {
                  "name": "vers:unknown/12.6.2_cscwn48501_et",
                  "product_id": "CSAFPID-2856894"
                }
              }
            ],
            "category": "product_name",
            "name": "Cisco Unified Intelligence Center"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20113",
      "cwe": {
        "id": "CWE-602",
        "name": "Client-Side Enforcement of Server-Side Security"
      },
      "notes": [
        {
          "category": "other",
          "text": "Client-Side Enforcement of Server-Side Security",
          "title": "CWE-602"
        },
        {
          "category": "other",
          "text": "Authorization Bypass Through User-Controlled Key",
          "title": "CWE-639"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2856825",
          "CSAFPID-2856815",
          "CSAFPID-2856819",
          "CSAFPID-2856858",
          "CSAFPID-2856823",
          "CSAFPID-2856816",
          "CSAFPID-2856857",
          "CSAFPID-2856820",
          "CSAFPID-2856863",
          "CSAFPID-2856864",
          "CSAFPID-2856817",
          "CSAFPID-2856856",
          "CSAFPID-2856866",
          "CSAFPID-2856854",
          "CSAFPID-2856821",
          "CSAFPID-2856870",
          "CSAFPID-2856855",
          "CSAFPID-2856861",
          "CSAFPID-2856822",
          "CSAFPID-2856868",
          "CSAFPID-2856867",
          "CSAFPID-2856859",
          "CSAFPID-2856824",
          "CSAFPID-2856865",
          "CSAFPID-2856860",
          "CSAFPID-2856853",
          "CSAFPID-2856852",
          "CSAFPID-2856851",
          "CSAFPID-2856850",
          "CSAFPID-2856848",
          "CSAFPID-2856844",
          "CSAFPID-2856838",
          "CSAFPID-2856839",
          "CSAFPID-2856818",
          "CSAFPID-2856847",
          "CSAFPID-2856849",
          "CSAFPID-2856846",
          "CSAFPID-2856841",
          "CSAFPID-2856826",
          "CSAFPID-2856840",
          "CSAFPID-2856835",
          "CSAFPID-2856836",
          "CSAFPID-2856837",
          "CSAFPID-2856834",
          "CSAFPID-2856832",
          "CSAFPID-2856833",
          "CSAFPID-2856830",
          "CSAFPID-2856831",
          "CSAFPID-2856871",
          "CSAFPID-2856872",
          "CSAFPID-2856873",
          "CSAFPID-2856874",
          "CSAFPID-2856845",
          "CSAFPID-2856842",
          "CSAFPID-2856843",
          "CSAFPID-2856827",
          "CSAFPID-2856828",
          "CSAFPID-2856829",
          "CSAFPID-2856869",
          "CSAFPID-2856862",
          "CSAFPID-2856876",
          "CSAFPID-2856877",
          "CSAFPID-2856881",
          "CSAFPID-2856886",
          "CSAFPID-2856878",
          "CSAFPID-2856875",
          "CSAFPID-2856879",
          "CSAFPID-2856880",
          "CSAFPID-2856883",
          "CSAFPID-2856893",
          "CSAFPID-2856882",
          "CSAFPID-2856885",
          "CSAFPID-2856884",
          "CSAFPID-2856887",
          "CSAFPID-2856888",
          "CSAFPID-2857053",
          "CSAFPID-2856890",
          "CSAFPID-2856889",
          "CSAFPID-2857052",
          "CSAFPID-2856891",
          "CSAFPID-2856892",
          "CSAFPID-2856894"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20113",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20113.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2856825",
            "CSAFPID-2856815",
            "CSAFPID-2856819",
            "CSAFPID-2856858",
            "CSAFPID-2856823",
            "CSAFPID-2856816",
            "CSAFPID-2856857",
            "CSAFPID-2856820",
            "CSAFPID-2856863",
            "CSAFPID-2856864",
            "CSAFPID-2856817",
            "CSAFPID-2856856",
            "CSAFPID-2856866",
            "CSAFPID-2856854",
            "CSAFPID-2856821",
            "CSAFPID-2856870",
            "CSAFPID-2856855",
            "CSAFPID-2856861",
            "CSAFPID-2856822",
            "CSAFPID-2856868",
            "CSAFPID-2856867",
            "CSAFPID-2856859",
            "CSAFPID-2856824",
            "CSAFPID-2856865",
            "CSAFPID-2856860",
            "CSAFPID-2856853",
            "CSAFPID-2856852",
            "CSAFPID-2856851",
            "CSAFPID-2856850",
            "CSAFPID-2856848",
            "CSAFPID-2856844",
            "CSAFPID-2856838",
            "CSAFPID-2856839",
            "CSAFPID-2856818",
            "CSAFPID-2856847",
            "CSAFPID-2856849",
            "CSAFPID-2856846",
            "CSAFPID-2856841",
            "CSAFPID-2856826",
            "CSAFPID-2856840",
            "CSAFPID-2856835",
            "CSAFPID-2856836",
            "CSAFPID-2856837",
            "CSAFPID-2856834",
            "CSAFPID-2856832",
            "CSAFPID-2856833",
            "CSAFPID-2856830",
            "CSAFPID-2856831",
            "CSAFPID-2856871",
            "CSAFPID-2856872",
            "CSAFPID-2856873",
            "CSAFPID-2856874",
            "CSAFPID-2856845",
            "CSAFPID-2856842",
            "CSAFPID-2856843",
            "CSAFPID-2856827",
            "CSAFPID-2856828",
            "CSAFPID-2856829",
            "CSAFPID-2856869",
            "CSAFPID-2856862",
            "CSAFPID-2856876",
            "CSAFPID-2856877",
            "CSAFPID-2856881",
            "CSAFPID-2856886",
            "CSAFPID-2856878",
            "CSAFPID-2856875",
            "CSAFPID-2856879",
            "CSAFPID-2856880",
            "CSAFPID-2856883",
            "CSAFPID-2856893",
            "CSAFPID-2856882",
            "CSAFPID-2856885",
            "CSAFPID-2856884",
            "CSAFPID-2856887",
            "CSAFPID-2856888",
            "CSAFPID-2857053",
            "CSAFPID-2856890",
            "CSAFPID-2856889",
            "CSAFPID-2857052",
            "CSAFPID-2856891",
            "CSAFPID-2856892",
            "CSAFPID-2856894"
          ]
        }
      ],
      "title": "CVE-2025-20113"
    },
    {
      "cve": "CVE-2025-20114",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authorization Bypass Through User-Controlled Key",
          "title": "CWE-639"
        },
        {
          "category": "other",
          "text": "Client-Side Enforcement of Server-Side Security",
          "title": "CWE-602"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2856825",
          "CSAFPID-2856815",
          "CSAFPID-2856819",
          "CSAFPID-2856858",
          "CSAFPID-2856823",
          "CSAFPID-2856816",
          "CSAFPID-2856857",
          "CSAFPID-2856820",
          "CSAFPID-2856863",
          "CSAFPID-2856864",
          "CSAFPID-2856817",
          "CSAFPID-2856856",
          "CSAFPID-2856866",
          "CSAFPID-2856854",
          "CSAFPID-2856821",
          "CSAFPID-2856870",
          "CSAFPID-2856855",
          "CSAFPID-2856861",
          "CSAFPID-2856822",
          "CSAFPID-2856868",
          "CSAFPID-2856867",
          "CSAFPID-2856859",
          "CSAFPID-2856824",
          "CSAFPID-2856865",
          "CSAFPID-2856860",
          "CSAFPID-2856853",
          "CSAFPID-2856852",
          "CSAFPID-2856851",
          "CSAFPID-2856850",
          "CSAFPID-2856848",
          "CSAFPID-2856844",
          "CSAFPID-2856838",
          "CSAFPID-2856839",
          "CSAFPID-2856818",
          "CSAFPID-2856847",
          "CSAFPID-2856849",
          "CSAFPID-2856846",
          "CSAFPID-2856841",
          "CSAFPID-2856826",
          "CSAFPID-2856840",
          "CSAFPID-2856835",
          "CSAFPID-2856836",
          "CSAFPID-2856837",
          "CSAFPID-2856834",
          "CSAFPID-2856832",
          "CSAFPID-2856833",
          "CSAFPID-2856830",
          "CSAFPID-2856831",
          "CSAFPID-2856871",
          "CSAFPID-2856872",
          "CSAFPID-2856873",
          "CSAFPID-2856874",
          "CSAFPID-2856845",
          "CSAFPID-2856842",
          "CSAFPID-2856843",
          "CSAFPID-2856827",
          "CSAFPID-2856828",
          "CSAFPID-2856829",
          "CSAFPID-2856869",
          "CSAFPID-2856862",
          "CSAFPID-2856876",
          "CSAFPID-2856877",
          "CSAFPID-2856881",
          "CSAFPID-2856886",
          "CSAFPID-2856878",
          "CSAFPID-2856875",
          "CSAFPID-2856879",
          "CSAFPID-2856880",
          "CSAFPID-2856883",
          "CSAFPID-2856893",
          "CSAFPID-2856882",
          "CSAFPID-2856885",
          "CSAFPID-2856884",
          "CSAFPID-2856887",
          "CSAFPID-2856888",
          "CSAFPID-2857053",
          "CSAFPID-2856890",
          "CSAFPID-2856889",
          "CSAFPID-2857052",
          "CSAFPID-2856891",
          "CSAFPID-2856892",
          "CSAFPID-2856894"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-20114",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20114.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2856825",
            "CSAFPID-2856815",
            "CSAFPID-2856819",
            "CSAFPID-2856858",
            "CSAFPID-2856823",
            "CSAFPID-2856816",
            "CSAFPID-2856857",
            "CSAFPID-2856820",
            "CSAFPID-2856863",
            "CSAFPID-2856864",
            "CSAFPID-2856817",
            "CSAFPID-2856856",
            "CSAFPID-2856866",
            "CSAFPID-2856854",
            "CSAFPID-2856821",
            "CSAFPID-2856870",
            "CSAFPID-2856855",
            "CSAFPID-2856861",
            "CSAFPID-2856822",
            "CSAFPID-2856868",
            "CSAFPID-2856867",
            "CSAFPID-2856859",
            "CSAFPID-2856824",
            "CSAFPID-2856865",
            "CSAFPID-2856860",
            "CSAFPID-2856853",
            "CSAFPID-2856852",
            "CSAFPID-2856851",
            "CSAFPID-2856850",
            "CSAFPID-2856848",
            "CSAFPID-2856844",
            "CSAFPID-2856838",
            "CSAFPID-2856839",
            "CSAFPID-2856818",
            "CSAFPID-2856847",
            "CSAFPID-2856849",
            "CSAFPID-2856846",
            "CSAFPID-2856841",
            "CSAFPID-2856826",
            "CSAFPID-2856840",
            "CSAFPID-2856835",
            "CSAFPID-2856836",
            "CSAFPID-2856837",
            "CSAFPID-2856834",
            "CSAFPID-2856832",
            "CSAFPID-2856833",
            "CSAFPID-2856830",
            "CSAFPID-2856831",
            "CSAFPID-2856871",
            "CSAFPID-2856872",
            "CSAFPID-2856873",
            "CSAFPID-2856874",
            "CSAFPID-2856845",
            "CSAFPID-2856842",
            "CSAFPID-2856843",
            "CSAFPID-2856827",
            "CSAFPID-2856828",
            "CSAFPID-2856829",
            "CSAFPID-2856869",
            "CSAFPID-2856862",
            "CSAFPID-2856876",
            "CSAFPID-2856877",
            "CSAFPID-2856881",
            "CSAFPID-2856886",
            "CSAFPID-2856878",
            "CSAFPID-2856875",
            "CSAFPID-2856879",
            "CSAFPID-2856880",
            "CSAFPID-2856883",
            "CSAFPID-2856893",
            "CSAFPID-2856882",
            "CSAFPID-2856885",
            "CSAFPID-2856884",
            "CSAFPID-2856887",
            "CSAFPID-2856888",
            "CSAFPID-2857053",
            "CSAFPID-2856890",
            "CSAFPID-2856889",
            "CSAFPID-2857052",
            "CSAFPID-2856891",
            "CSAFPID-2856892",
            "CSAFPID-2856894"
          ]
        }
      ],
      "title": "CVE-2025-20114"
    }
  ]
}

WID-SEC-W-2025-1127

Vulnerability from csaf_certbund - Published: 2025-05-21 22:00 - Updated: 2025-05-21 22:00

Summary

Cisco Unified Intelligence Center und Cisco Unified Contact Center Express (UCCX): Mehrere Schwachstellen ermöglichen Privilegieneskalation

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Cisco Unified Intelligence Center ist eine webbasierte Berichtsanwendung für Contact Center. Cisco Unified Contact Center Express (UCCX) ist die Kontaktverwaltung für Cisco Unified Communications.

Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Cisco Unified Intelligence Center und Cisco Unified Contact Center Express (UCCX) ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2025-20113

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Cisco Unified Contact Center Express (UCCX) <=12.5(1)SU3 Cisco / Unified Contact Center Express (UCCX)		<=12.5(1)SU3
Cisco Unified Intelligence Center <12.6(2)ES04 Cisco / Unified Intelligence Center		<12.6(2)ES04
Cisco Unified Intelligence Center <12.5(1)SU ES04 Cisco / Unified Intelligence Center		<12.5(1)SU ES04

CVE-2025-20114

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Cisco Unified Contact Center Express (UCCX) <=12.5(1)SU3 Cisco / Unified Contact Center Express (UCCX)		<=12.5(1)SU3
Cisco Unified Intelligence Center <12.6(2)ES04 Cisco / Unified Intelligence Center		<12.6(2)ES04
Cisco Unified Intelligence Center <12.5(1)SU ES04 Cisco / Unified Intelligence Center		<12.5(1)SU ES04

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://sec.cloudapps.cisco.com/security/center/c…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Cisco Unified Intelligence Center ist eine webbasierte Berichtsanwendung f\u00fcr Contact Center.\r\nCisco Unified Contact Center Express (UCCX) ist die Kontaktverwaltung f\u00fcr Cisco Unified Communications.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Cisco Unified Intelligence Center und Cisco Unified Contact Center Express (UCCX) ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1127 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1127.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1127 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1127"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory vom 2025-05-21",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
      }
    ],
    "source_lang": "en-US",
    "title": "Cisco Unified Intelligence Center und Cisco Unified Contact Center Express (UCCX): Mehrere Schwachstellen erm\u00f6glichen Privilegieneskalation",
    "tracking": {
      "current_release_date": "2025-05-21T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-22T11:40:04.995+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1127",
      "initial_release_date": "2025-05-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=12.5(1)SU3",
                "product": {
                  "name": "Cisco Unified Contact Center Express (UCCX) \u003c=12.5(1)SU3",
                  "product_id": "1374357"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=12.5(1)SU3",
                "product": {
                  "name": "Cisco Unified Contact Center Express (UCCX) \u003c=12.5(1)SU3",
                  "product_id": "1374357-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "= 15",
                "product": {
                  "name": "Cisco Unified Contact Center Express (UCCX) = 15",
                  "product_id": "T044098",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_contact_center_express:15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Unified Contact Center Express (UCCX)"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "= 15",
                "product": {
                  "name": "Cisco Unified Intelligence Center = 15",
                  "product_id": "T044072",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_intelligence_center:15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.5(1)SU ES04",
                "product": {
                  "name": "Cisco Unified Intelligence Center \u003c12.5(1)SU ES04",
                  "product_id": "T044095"
                }
              },
              {
                "category": "product_version",
                "name": "12.5(1)SU ES04",
                "product": {
                  "name": "Cisco Unified Intelligence Center 12.5(1)SU ES04",
                  "product_id": "T044095-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_intelligence_center:12.5%25281%2529su_es04"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.6(2)ES04",
                "product": {
                  "name": "Cisco Unified Intelligence Center \u003c12.6(2)ES04",
                  "product_id": "T044096"
                }
              },
              {
                "category": "product_version",
                "name": "12.6(2)ES04",
                "product": {
                  "name": "Cisco Unified Intelligence Center 12.6(2)ES04",
                  "product_id": "T044096-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_intelligence_center:12.6%25282%2529es04"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Unified Intelligence Center"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20113",
      "product_status": {
        "known_affected": [
          "1374357",
          "T044096",
          "T044095"
        ]
      },
      "release_date": "2025-05-21T22:00:00.000+00:00",
      "title": "CVE-2025-20113"
    },
    {
      "cve": "CVE-2025-20114",
      "product_status": {
        "known_affected": [
          "1374357",
          "T044096",
          "T044095"
        ]
      },
      "release_date": "2025-05-21T22:00:00.000+00:00",
      "title": "CVE-2025-20114"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-20113 (GCVE-0-2025-20113)

Solutions

Solutions

Tags

Sightings

Nomenclature