Critical Cisco Contact Center Bug Threatens Customer-Service Havoc


A critical security bug affecting Cisco’s Unified Contact Center Enterprise (UCCE) portfolio could allow privilegeescalation and platform takeover. Attackers could access and modify agent resources, telephone queues and other customerservice systems – and access personal information on companies’ customers. The bug (CVE202220658) is a particularly nasty one, with a critical rating of 9.6 out of 10 on the CVSS vulnerabilityseverity scale.

An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. There are patches available for this issue, but not workarounds.

Read More…