• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisco releases patch for critical bug affecting unified ccmp and

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

You are here: Home / General Cyber Security News / Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM
January 14, 2022

Cisco Programs has rolled out security updates for a critical security vulnerability affecting Unified Call Heart Administration Portal (Unified CCMP) and Unified Contact Middle Area Supervisor (Unified CCDM) that could be exploited by a distant attacker to consider handle of an impacted procedure.

Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and worries a privilege escalation flaw arising out of a absence of server-facet validation of user permissions that could be weaponized to make rogue Administrator accounts by publishing a crafted HTTP request.

Automatic GitHub Backups

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“With these accounts, the attacker could access and modify telephony and user methods across all the Unified platforms that are involved to the susceptible Cisco Unified CCMP,” Cisco famous in an advisory revealed this week. ” To efficiently exploit this vulnerability, an attacker would want valid Superior Person qualifications.”

Unified CCMP and Unified CCDM solution variations 12.5.1, 12..1, and 11.6.1 and before jogging with default configuration are impacted, the networking products company claimed, including it located the issue as portion of a Specialized Support Heart (TAC) assistance situation. Edition 12.6.1 of the computer software is not afflicted.

Though there is no evidence that the security flaw has been exploited in real-earth attacks, it is advisable that people up grade to the most up-to-date edition to mitigate the risk connected with the flaws.

Observed this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to study far more unique content we post.


Some sections of this article are sourced from:
thehackernews.com

Previous Post: «microsoft yanks buggy windows server updates Microsoft Yanks Buggy Windows Server Updates
Next Post: Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies husband wife arrested in ukraine for ransomware attacks on foreign companies»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Ransomware Attacks Increasing at “Alarming” Rate
  • Senate Report: US Government Lacks Comprehensive Data on Ransomware
  • Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys
  • Fronton IOT Botnet Packs Disinformation Punch
  • SIM-based Authentication Aims to Transform Device Binding Security to End Phishing
  • New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild
  • Open source packages with millions of installs hacked to harvest AWS credentials
  • DOE ‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌funds‌ ‌development of Qunnect’s Quantum Repeater
  • Cabinet Office Reports 800 Missing Electronic Devices in Three Years
  • Malware Analysis: Trickbot

Copyright © TheCyberSecurity.News, All Rights Reserved.