Intrusion Prevention

Cisco.UCCX.RMI.Insecure.Deserialization

Description

This indicates an attempt to exploit an insecure deserialization vulnerability in Cisco Systems Unified Contact Center Express (UCCX).
The vulnerability is due to deserialization of untrusted data. A remote, unauthenticated attacker can exploit it by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution as root.

Affected Products

Cisco Systems Unified Contact Center Express (UCCX) prior to 12.0(1)ES03

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-rce-GMSC6RKN

CVE References

CVE-2020-3280